mirror of
https://github.com/php/php-src.git
synced 2024-11-28 12:26:37 +08:00
Fixed #46313 (Magic quotes broke $_FILES)
# magic_quotes_gpc was disabled during registration of $_FILES["x"]["tmp_name"] # and $GLOBALS["x"] (which is tmp_name with register_globals enabled). This # caused "x" to not be escaped so there was 2 different keys for the same file # in $_FILES, one with tmp_name and the other without. # All other variables (name, size, etc) are registered with magic_quotes_gpc # untouched, both in $_FILES and $GLOBALS and I did not found a reason for # disabling it for tmp_name.
This commit is contained in:
Arnaud Le Blanc
parent
16bda08080
commit
c98e28795f
@ -1283,8 +1283,6 @@ filedone:
|
||||
/* Initialize variables */
|
||||
add_protected_variable(param TSRMLS_CC);
|
||||
|
||||
magic_quotes_gpc = PG(magic_quotes_gpc);
|
||||
PG(magic_quotes_gpc) = 0;
|
||||
/* if param is of form xxx[.*] this will cut it to xxx */
|
||||
if (!is_anonymous) {
|
||||
safe_php_register_variable(param, temp_filename, strlen(temp_filename), NULL, 1 TSRMLS_CC);
|
||||
@ -1299,8 +1297,6 @@ filedone:
|
||||
add_protected_variable(lbuf TSRMLS_CC);
|
||||
register_http_post_files_variable(lbuf, temp_filename, http_post_files, 1 TSRMLS_CC);
|
||||
|
||||
PG(magic_quotes_gpc) = magic_quotes_gpc;
|
||||
|
||||
{
|
||||
zval file_size, error_type;
|
||||
|
||||
|
||||
62
tests/basic/bug46313-win.phpt
Normal file
62
tests/basic/bug46313-win.phpt
Normal file
@ -0,0 +1,62 @@
|
||||
--TEST--
|
||||
Bug #46313 (Magic quotes broke $_FILES)
|
||||
--SKIPIF--
|
||||
<?php if(substr(PHP_OS, 0, 3) != "WIN") die("skip Windows-only test"); ?>
|
||||
--INI--
|
||||
magic_quotes_gpc=1
|
||||
file_uploads=1
|
||||
register_globals=1
|
||||
--POST_RAW--
|
||||
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
|
||||
-----------------------------20896060251896012921717172737
|
||||
Content-Disposition: form-data; name="o1'file"; filename="o1'file.png"
|
||||
Content-Type: text/plain-file1
|
||||
|
||||
1
|
||||
-----------------------------20896060251896012921717172737
|
||||
Content-Disposition: form-data; name="o2'file"; filename="o2'file2.txt"
|
||||
Content-Type: text/plain-file2
|
||||
|
||||
2
|
||||
-----------------------------20896060251896012921717172737--
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump($_FILES);
|
||||
var_dump($GLOBALS["o1\'file_name"]);
|
||||
var_dump($GLOBALS["o1\'file_name"] === $_FILES["o1\'file"]["name"]);
|
||||
var_dump($GLOBALS["o1\'file"]);
|
||||
var_dump($GLOBALS["o1\'file"] === $_FILES["o1\'file"]["tmp_name"]);
|
||||
?>
|
||||
--EXPECTF--
|
||||
array(2) {
|
||||
["o1\'file"]=>
|
||||
array(5) {
|
||||
["name"]=>
|
||||
string(12) "o1"
|
||||
["type"]=>
|
||||
string(16) "text/plain-file1"
|
||||
["tmp_name"]=>
|
||||
string(14) "%s"
|
||||
["error"]=>
|
||||
int(0)
|
||||
["size"]=>
|
||||
int(1)
|
||||
}
|
||||
["o2\'file"]=>
|
||||
array(5) {
|
||||
["name"]=>
|
||||
string(13) "o2"
|
||||
["type"]=>
|
||||
string(16) "text/plain-file2"
|
||||
["tmp_name"]=>
|
||||
string(14) "%s"
|
||||
["error"]=>
|
||||
int(0)
|
||||
["size"]=>
|
||||
int(1)
|
||||
}
|
||||
}
|
||||
string(12) "o1"
|
||||
bool(true)
|
||||
string(%d) "%s"
|
||||
bool(true)
|
||||
62
tests/basic/bug46313.phpt
Normal file
62
tests/basic/bug46313.phpt
Normal file
@ -0,0 +1,62 @@
|
||||
--TEST--
|
||||
Bug #46313 (Magic quotes broke $_FILES)
|
||||
--SKIPIF--
|
||||
<?php if(substr(PHP_OS, 0, 3) == "WIN") die("skip non-Windows test"); ?>
|
||||
--INI--
|
||||
magic_quotes_gpc=1
|
||||
file_uploads=1
|
||||
register_globals=1
|
||||
--POST_RAW--
|
||||
Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
|
||||
-----------------------------20896060251896012921717172737
|
||||
Content-Disposition: form-data; name="o1'file"; filename="o1'file.png"
|
||||
Content-Type: text/plain-file1
|
||||
|
||||
1
|
||||
-----------------------------20896060251896012921717172737
|
||||
Content-Disposition: form-data; name="o2'file"; filename="o2'file2.txt"
|
||||
Content-Type: text/plain-file2
|
||||
|
||||
2
|
||||
-----------------------------20896060251896012921717172737--
|
||||
--FILE--
|
||||
<?php
|
||||
var_dump($_FILES);
|
||||
var_dump($GLOBALS["o1\'file_name"]);
|
||||
var_dump($GLOBALS["o1\'file_name"] === $_FILES["o1\'file"]["name"]);
|
||||
var_dump($GLOBALS["o1\'file"]);
|
||||
var_dump($GLOBALS["o1\'file"] === $_FILES["o1\'file"]["tmp_name"]);
|
||||
?>
|
||||
--EXPECTF--
|
||||
array(2) {
|
||||
["o1\'file"]=>
|
||||
array(5) {
|
||||
["name"]=>
|
||||
string(12) "o1\'file.png"
|
||||
["type"]=>
|
||||
string(16) "text/plain-file1"
|
||||
["tmp_name"]=>
|
||||
string(14) "%s"
|
||||
["error"]=>
|
||||
int(0)
|
||||
["size"]=>
|
||||
int(1)
|
||||
}
|
||||
["o2\'file"]=>
|
||||
array(5) {
|
||||
["name"]=>
|
||||
string(13) "o2\'file2.txt"
|
||||
["type"]=>
|
||||
string(16) "text/plain-file2"
|
||||
["tmp_name"]=>
|
||||
string(14) "%s"
|
||||
["error"]=>
|
||||
int(0)
|
||||
["size"]=>
|
||||
int(1)
|
||||
}
|
||||
}
|
||||
string(12) "o1\'file.png"
|
||||
bool(true)
|
||||
string(%d) "%s"
|
||||
bool(true)
|
||||
Loading…
Reference in New Issue
Block a user