1 # Source: upstream |
|
2 # https://bugs.php.net/patch-display.php?bug_id=69364&patch=patch-5.4&revision=1431237650 |
|
3 # Fixed in 5.6.9 |
|
4 |
|
5 diff --git a/main/rfc1867.c b/main/rfc1867.c |
|
6 index fab199b..9e2fbd5 100644 |
|
7 --- a/main/rfc1867.c |
|
8 +++ b/main/rfc1867.c |
|
9 @@ -33,6 +33,7 @@ |
|
10 #include "php_variables.h" |
|
11 #include "rfc1867.h" |
|
12 #include "ext/standard/php_string.h" |
|
13 +#include "ext/standard/php_smart_str.h" |
|
14 |
|
15 #define DEBUG_FILE_UPLOAD ZEND_DEBUG |
|
16 |
|
17 @@ -398,8 +399,9 @@ static int find_boundary(multipart_buffer *self, char *boundary TSRMLS_DC) |
|
18 static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header TSRMLS_DC) |
|
19 { |
|
20 char *line; |
|
21 - mime_header_entry prev_entry = {0}, entry; |
|
22 - int prev_len, cur_len; |
|
23 + mime_header_entry entry = {0}; |
|
24 + smart_str buf_value = {0}; |
|
25 + char *key = NULL; |
|
26 |
|
27 /* didn't find boundary, abort */ |
|
28 if (!find_boundary(self, self->boundary TSRMLS_CC)) { |
|
29 @@ -411,11 +413,10 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T |
|
30 while( (line = get_line(self TSRMLS_CC)) && strlen(line) > 0 ) |
|
31 { |
|
32 /* add header to table */ |
|
33 - char *key = line; |
|
34 char *value = NULL; |
|
35 |
|
36 if (php_rfc1867_encoding_translation(TSRMLS_C)) { |
|
37 - self->input_encoding = zend_multibyte_encoding_detector(line, strlen(line), self->detect_order, self->detect_order_size TSRMLS_CC); |
|
38 + self->input_encoding = zend_multibyte_encoding_detector((unsigned char *)line, strlen(line), self->detect_order, self->detect_order_size TSRMLS_CC); |
|
39 } |
|
40 |
|
41 /* space in the beginning means same header */ |
|
42 @@ -424,31 +425,33 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T |
|
43 } |
|
44 |
|
45 if (value) { |
|
46 - *value = 0; |
|
47 - do { value++; } while(isspace(*value)); |
|
48 - |
|
49 - entry.value = estrdup(value); |
|
50 - entry.key = estrdup(key); |
|
51 - |
|
52 - } else if (zend_llist_count(header)) { /* If no ':' on the line, add to previous line */ |
|
53 - |
|
54 - prev_len = strlen(prev_entry.value); |
|
55 - cur_len = strlen(line); |
|
56 - |
|
57 - entry.value = emalloc(prev_len + cur_len + 1); |
|
58 - memcpy(entry.value, prev_entry.value, prev_len); |
|
59 - memcpy(entry.value + prev_len, line, cur_len); |
|
60 - entry.value[cur_len + prev_len] = '\0'; |
|
61 + if(buf_value.c && key) { |
|
62 + /* new entry, add the old one to the list */ |
|
63 + smart_str_0(&buf_value); |
|
64 + entry.key = key; |
|
65 + entry.value = buf_value.c; |
|
66 + zend_llist_add_element(header, &entry); |
|
67 + buf_value.c = NULL; |
|
68 + key = NULL; |
|
69 + } |
|
70 |
|
71 - entry.key = estrdup(prev_entry.key); |
|
72 + *value = '\0'; |
|
73 + do { value++; } while(isspace(*value)); |
|
74 |
|
75 - zend_llist_remove_tail(header); |
|
76 + key = estrdup(line); |
|
77 + smart_str_appends(&buf_value, value); |
|
78 + } else if (buf_value.c) { /* If no ':' on the line, add to previous line */ |
|
79 + smart_str_appends(&buf_value, line); |
|
80 } else { |
|
81 continue; |
|
82 } |
|
83 - |
|
84 + } |
|
85 + if(buf_value.c && key) { |
|
86 + /* add the last one to the list */ |
|
87 + smart_str_0(&buf_value); |
|
88 + entry.key = key; |
|
89 + entry.value = buf_value.c; |
|
90 zend_llist_add_element(header, &entry); |
|
91 - prev_entry = entry; |
|
92 } |
|
93 |
|
94 return 1; |
|
95 @@ -884,7 +887,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ |
|
96 if (count == PG(max_input_vars) + 1) { |
|
97 php_error_docref(NULL TSRMLS_CC, E_WARNING, "Input variables exceeded %ld. To increase the limit change max_input_vars in php.ini.", PG(max_input_vars)); |
|
98 } |
|
99 - |
|
100 + |
|
101 if (php_rfc1867_callback != NULL) { |
|
102 multipart_event_formdata event_formdata; |
|
103 |
|