Commit Graph

308 Commits

Author SHA1 Message Date
Ilia Alshanetsky
b5e12bd4da Fixed variable re-declaration 2011-01-18 13:17:23 +00:00
Felipe Pena
0203cc3d44 - Year++ 2011-01-01 02:17:06 +00:00
Dmitry Stogov
755c2cd0d8 Removed compile time dependency from ext/mbstring 2010-12-08 11:27:34 +00:00
Dmitry Stogov
dcb65e76da WS and cosmetic changes 2010-12-02 09:40:53 +00:00
Gustavo André dos Santos Lopes
e1aa908468 - Implemented FR #50692, not uploaded files don't count towards
max_file_uploads limit.
- As a side improvement, temporary files are not opened for
  empty uploads and, in debug mode, 0-length uploads.
2010-10-04 01:27:33 +00:00
Kalle Sommer Nielsen
159cd6916d Fixed compiler warnings in main/ 2010-08-17 12:49:19 +00:00
Kalle Sommer Nielsen
febee11285 Removed register_globals 2010-04-21 01:27:22 +00:00
Andrei Zmievski
f92fae2f66 I am sorry I tried fixing PHP without extensive discussion on the mailing list.
I am sorry I tried fixing PHP without extensive discussion on the mailing list.
I am sorry I tried fixing PHP without extensive discussion on the mailing list.

Hope all the relevant parties are satisfied.
2010-03-18 22:37:25 +00:00
Andrei Zmievski
3220f15ca2 Fix a few problems with large (2G-4G) file uploads. Added
--enable-large-uploads-fix switch because one change was in SAPI.h structure.
2010-03-18 21:07:38 +00:00
Sebastian Bergmann
9ba1e81665 sed -i "s#1997-2009#1997-2010#g" **/*.c **/*.h **/*.php 2010-01-03 09:23:27 +00:00
Jani Taskinen
72a9c6d37a - Sync with HEAD 2009-12-29 19:25:09 +00:00
Jani Taskinen
1a64bb9c05 - WS + CS + folding tags 2009-12-29 18:59:58 +00:00
Ilia Alshanetsky
c3230ad217 Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). 2009-12-29 15:57:54 +00:00
Rasmus Lerdorf
2e9c3ed919 Make it possible to disable post_max_size 2009-11-17 20:33:51 +00:00
Ilia Alshanetsky
2e13e89bd1 Simplify the max_file_uploads handling code 2009-11-16 13:34:57 +00:00
Ilia Alshanetsky
e2211cee86 Introduced a max_file_uploads INI setting, which is set to limit the
number of file uploads per-request to 100 by default, to prevent possible
DOS via temporary file exhaustion.
2009-10-27 16:13:48 +00:00
Sebastian Bergmann
08659c2dcd MFH: Bump copyright year, 3 of 3. 2008-12-31 11:15:49 +00:00
Arnaud Le Blanc
f5dd8c00a0 WS 2008-10-20 18:43:32 +00:00
Arnaud Le Blanc
0f31ed2f77 Better fix for #46313 2008-10-20 18:42:58 +00:00
Arnaud Le Blanc
c98e28795f Fixed #46313 (Magic quotes broke $_FILES)
# magic_quotes_gpc was disabled during registration of $_FILES["x"]["tmp_name"]
# and $GLOBALS["x"] (which is tmp_name with register_globals enabled). This
# caused "x" to not be escaped so there were 2 different keys for the same file
# in $_FILES, one with tmp_name and the other without.
# All other variables (name, size, etc) are registered with magic_quotes_gpc
# untouched, both in $_FILES and $GLOBALS and I did not find a reason for
# disabling it for tmp_name.
2008-10-20 17:09:10 +00:00
Nuno Lopes
8a77e55566 clean some dead code (with static analysis help) 2008-09-23 15:18:26 +00:00
Arnaud Le Blanc
ef38ff62a5 MFH: More accurate max_file_size / upload_max_filesize (fixes #45124) 2008-09-07 14:17:47 +00:00
Arnaud Le Blanc
898ff10dc0 MFH: Fixed #43540 (rfc1867 handler newlength problem) 2008-09-06 17:18:40 +00:00
Antony Dovgal
8f6b35ccd3 MFH: check if return value of write() is -1 and abort upload in this case setting the correct error status 2008-03-14 13:11:12 +00:00
Sebastian Bergmann
d1dded8751 MFH: Bump copyright year, 2 of 2. 2007-12-31 07:17:19 +00:00
Ilia Alshanetsky
20aa854940 Allow file uploads to bypass open_basedir checks (fixes regression) 2007-07-17 23:46:40 +00:00
Marcus Boerger
24fa61e202 - Drop superfluous efree 2007-02-24 14:53:50 +00:00
Marcus Boerger
50ea26760d - Avoid sprintf, even when checked copy'n'paste or changes lead to errors 2007-02-24 02:17:47 +00:00
Sebastian Bergmann
4223aa4d5e MFH: Bump year. 2007-01-01 09:36:18 +00:00
Stefan Esser
abfc08dc82 If one name is disallowed don't drop all files 2006-09-29 10:05:34 +00:00
Stefan Esser
1e8fc23095 Delete empty temporary files if file upload hook forbids the upload 2006-09-19 11:34:19 +00:00
Rasmus Lerdorf
935b0c88e9 Minor tweak to the file upload hooks. The MULTIPART_EVENT_FORMDATA event
was only triggering when an input filter was applied.  This simple change
makes the event also trigger when no filter is applied.  The newlength
pointer is set to NULL to let a downstream module differentiate between
the two cases.
2006-09-09 22:06:27 +00:00
Ilia Alshanetsky
cfda15ffc1 Binary safe multipart request handling 2006-07-27 17:04:15 +00:00
Stefan Esser
cfac29e20e Added RFC1867 fileupload processing hook. 2006-07-22 16:38:29 +00:00
foobar
5bd93221a8 bump year and license version 2006-01-01 12:51:34 +00:00
foobar
23e671a51e - Bumber up year 2005-08-03 14:08:58 +00:00
Ilia Alshanetsky
85e237888c Fixed bug #33673 (Added detection for partially uploaded files). 2005-07-13 20:44:08 +00:00
Uwe Schindler
4558cdade6 Bug #32491 (File upload error - unable to create a temporary file) - Changing file upload from stdio to posix 2005-04-04 14:59:40 +00:00
Ilia Alshanetsky
7ee1fdb657 Prune uploaded file names to \ on all OSes, read comments for explanation. 2005-02-15 00:25:38 +00:00
Ilia Alshanetsky
d179e6aa40 Final version of filename upload handling. 2005-02-01 02:33:07 +00:00
Ilia Alshanetsky
71695f8159 Use multibyte specific code for handling files and generic basename based
code in all other instances.
2005-01-24 22:35:23 +00:00
Moriyoshi Koizumi
76d91f2a3d - Revert irrelevant part. 2005-01-24 16:47:18 +00:00
Ilia Alshanetsky
844cc09cd1 Fixed bug #31398 (When magic_quotes_gpc are enabled filenames with '
get cutoff).
2005-01-20 17:44:58 +00:00
Stefan Esser
224201e635 Fixed: strip quotes from filename 2004-11-20 18:49:36 +00:00
Ilia Alshanetsky
f41c40f63e Fixed bug #30750 (Meaningful error message when upload directory is not
accessible).
2004-11-11 00:38:04 +00:00
Stefan Esser
0f860d8f34 only allow valid arrays at this point 2004-09-13 16:00:23 +00:00
Stefan Esser
e7d698c7d8 New Rule: Never try to repair potential malicious user input 2004-09-12 10:45:14 +00:00
Sara Golemon
883e096ce6 Minor format specifier fixes 2004-08-11 04:27:01 +00:00
Ilia Alshanetsky
86efab2cc4 Fixed bug #29369 (Uploaded files with ' or " in their names get their names
truncated at those characters).
2004-07-25 19:19:26 +00:00
Andi Gutmans
e5cfb1d05c - Better stability during premature shutdown of request startup 2004-07-10 07:46:17 +00:00
Stefan Esser
bed3f4ce0b This is more correct. 2004-05-23 10:00:59 +00:00
Derick Rethans
cb1e4ab6c8 - Fixed TSRM problem in latest commit. 2004-05-21 08:16:13 +00:00
Derick Rethans
bc7ad69fbc - Fixed bug #28456 (Problem with enclosed / in uploaded file names) 2004-05-21 08:11:43 +00:00
Derick Rethans
500f634db9 - Fixed defines 2004-05-11 15:30:54 +00:00
Derick Rethans
fe576c7acb - Stopped file uploads from throwing E_WARNINGs and E_NOTICEs which can not be
hidden from within scripts (and a result value in the $_FILES global can be
  used to see the real failure anyway).
2004-03-25 21:27:23 +00:00
Derick Rethans
9ff10d086a - Revert bogus commit 2004-03-24 14:28:41 +00:00
Derick Rethans
2face60bef - Fixed NEWS
#- Can we *please* keep this in order?
2004-03-24 13:31:20 +00:00
Stefan Esser
debf069a58 better write into the correct buffer 2004-02-12 18:27:33 +00:00
Andi Gutmans
dbeb4158d2 - A belated happy holidays and PHP 5 2004-01-08 08:18:22 +00:00
Derick Rethans
8eb22d7b8d - Add comment, I put this in a week ago and it already confused me :) 2003-12-07 14:47:35 +00:00
Derick Rethans
750b0338bf - Fix sapi_input_filter patch. Returning 1 from the filter handler should
make PHP register the variable, returning 0 shouldn't. The new length of
  the variables being filtered is now returned in the new_val_len argument
  of the function.
2003-11-29 15:24:35 +00:00
Derick Rethans
370dfd39a9 - Prevent registration of the variable when a zero-length is returned
from the sapi_input_filter.
2003-11-26 09:53:22 +00:00
Stefan Esser
befbd6d793 Fix odd increments to repair the boundary checks. 2003-11-12 22:34:58 +00:00
Rui Hirokawa
744212ab45 added buffer reallocation for filename. 2003-11-05 23:27:41 +00:00
Stefan Esser
b763dd42c3 Fixed possible crashbug. 2003-11-03 11:46:33 +00:00
Stefan Esser
f670f9c683 It is usually a good idea to write only into allocated bufferspace. 2003-11-03 09:16:24 +00:00
Rui Hirokawa
0ce637835a name/value in multipart/form-data will be converted into internal encoding when mbstring.encoding_translation is On. 2003-10-22 14:14:05 +00:00
Moriyoshi Koizumi
fd9d9dea1c Fix build 2003-07-03 15:26:12 +00:00
foobar
50d3650a92 Cut the long line a bit for readability.. 2003-07-03 02:59:04 +00:00
Ilia Alshanetsky
a96aa89ae3 Compiler warning fix. 2003-07-03 00:55:20 +00:00
Rui Hirokawa
2b44c63d50 Fixed corruption of multibyte character including 0x5c as second
byte in multipart/form-data.
2003-06-28 23:37:18 +00:00
James Cox
f68c7ff249 updating license information in the headers. 2003-06-10 20:04:29 +00:00
Sara Golemon
dccf33b4e8 MFB(r-1.122.2.10)
Bug#23765 File upload handler should not care about case sensitivity of header values.
2003-05-23 21:40:45 +00:00
Ilia Alshanetsky
4e6997ddf9 Fixed bug #22550 (overflow protection for upload_max_filesize ini setting). 2003-03-05 17:00:09 +00:00
Rasmus Lerdorf
d08a0e99c8 An input filter might not simply strip stuff, it might also turn things
into entities or use some other mechanism which causes the filtered data
to be longer than the original data.  Ergo, pass in the address of the
buffer instead so the filter is free to reallocate it.
2003-02-20 22:21:49 +00:00
Rasmus Lerdorf
7429c2dc3f Input Filter support. See README.input_filter for details.
@- Input Filter support added. See  README.input_filter. (Rasmus)
2003-02-19 19:41:09 +00:00
foobar
8e3f23e3c0 ws fixes + missing $Id$ tags, headers added 2003-02-19 08:40:19 +00:00
Stefan Esser
58d65abbcb Adding support for anonymous fileuploads (#21450) 2003-01-06 23:51:28 +00:00
Sebastian Bergmann
2c5d4b8c23 Bump year. 2002-12-31 15:59:15 +00:00
Ilia Alshanetsky
1f50681813 Fixed bug #21149 (fixed handling of unterminated '['). 2002-12-29 21:02:17 +00:00
Stefan Esser
75d8056e11 cleanup 2002-12-14 10:45:25 +00:00
Ilia Alshanetsky
3c9a6a8890 Removed one more unneeded check. 2002-12-10 15:58:31 +00:00
Ilia Alshanetsky
ecc9c539d2 Removed a pointless check. Thanks Stefan. 2002-12-10 15:36:26 +00:00
Ilia Alshanetsky
8425dbd0bc Fixed bugs #20725 & #20860. Post form variables get lost if the uploaded
files cannot be written to disk.
2002-12-07 00:48:13 +00:00
Stefan Esser
9dae1475ef little fix 2002-11-22 19:34:17 +00:00
Stefan Esser
658fd1ba8d Fixing possible remote overflow due to mbstring translation. 2002-11-14 16:30:07 +00:00
Moriyoshi Koizumi
e8be0db546 Fixed build when mbstring is not used - my previous patch is insufficient. 2002-10-24 02:59:01 +00:00
Moriyoshi Koizumi
73ca375f37 MFH; we would see a nasty problem again if it was not fixed... 2002-10-24 02:56:28 +00:00
Moriyoshi Koizumi
74883a9583 Make php_mb_is_mb_leadbyte() obsolete. It only works with double-byte chars.
# Sorry Marcus, it seems we were working simultaneously :)
2002-10-23 23:25:27 +00:00
Moriyoshi Koizumi
afa9f42f47 Function renaming. 2002-10-23 19:51:50 +00:00
Moriyoshi Koizumi
b7703551ed Renamed the functions for consistency 2002-10-23 16:54:31 +00:00
Stefan Esser
46f4a07d1c Closing protected variables hole 2002-10-07 11:23:24 +00:00
Stefan Esser
20693c1ad4 IE does not use quotes but now we are safe... 2002-08-17 11:48:21 +00:00
Stefan Esser
ecaa0a091a fixed the user supplied patch for bug #18792 2002-08-17 11:31:06 +00:00
Dan Kalowsky
6c22f90b4a Fix for bug #18792 submitted by t.bubeck@reinform.de
# talked this over with sterling and he believes it shouldn't break anything
# although there might be a need/desire to check for both ',' and ';'
2002-08-16 19:34:43 +00:00
Stefan Esser
6f822fdcb7 A full hard disk is no reason to leak memory... 2002-08-08 12:40:51 +00:00
Marcus Boerger
de8c36dcaa -use const to clarify code
-fix tsrmls build (therefore rfc1867.c)
2002-08-02 10:22:31 +00:00
Rui Hirokawa
7527bf0c58 made sapi_register_treat_data() to support multibyte input encoding translation without MBSTR_ENC_TRANS and changed php_treat_data to php_default_treat_data. 2002-08-02 06:53:48 +00:00
Stefan Esser
11ac4e035c use Zend API to access llist count 2002-07-15 16:37:15 +00:00
foobar
02d3e99bf2 IF --disable-mbstr-enc-trans is used OR mbstring is compiled as shared
extension, these functions are not available.
2002-07-14 00:27:52 +00:00
foobar
ed58d3a235 - Added predefined constants for the upload errors.
- Removed the debugging error (not useful for end-users)
2002-07-12 01:49:58 +00:00
foobar
6a83870c49 Fix typo 2002-07-05 18:32:08 +00:00
Rui Hirokawa
ead78e9125 fixed shift_jis character corruption including 0x5c as second byte following a slash on uploaded filename. 2002-07-05 15:06:39 +00:00
Sebastian Bergmann
0e52055f70 Fix ZTS build. 2002-07-03 21:07:24 +00:00
Rui Hirokawa
bb21c40738 fixed shift_jis character corruption including 0x5c as second byte on uploaded filename. 2002-07-03 13:36:19 +00:00
Stefan Esser
5956656864 - Stay always in buffer 2002-06-07 08:00:12 +00:00
Stefan Esser
23ceadfe2b fixed multiline header detection (':' is valid within following lines)
fixed fill_buffer to fill the buffer always completely
2002-06-05 13:35:34 +00:00
Stefan Esser
a06a3e1f7f fixing some crashbugs that can be triggered with bogus uploads. 2002-06-05 11:28:33 +00:00
Derick Rethans
f3c71c43b0 - Don't issue a notice when no file was uploaded 2002-05-31 09:05:39 +00:00
Zeev Suraski
19b7861d70 0 byte file uploads are valid, avoid choking on them 2002-05-11 11:58:16 +00:00
foobar
ae2e36a4e5 Changed the error for 'no upload' to E_NOTICE so that it doesn't
pollute the logs too much.

@- Fixed possible crash bug in HTTP uploads. (Patch: Lucas Schroeder)
2002-04-23 00:14:08 +00:00
foobar
bccfe80480 Prevent crashing with some bogus POSTs. 2002-04-01 23:02:16 +00:00
foobar
f43ca8d2bc Fixed a bug with file_uploads=off -> normal post variables not set. 2002-03-30 02:58:19 +00:00
Stefan Esser
2872bce78a Fix: Now returns correct Content-Type with Opera 6.01 2002-03-10 11:03:04 +00:00
jim winstead
e68095972e Move type-handling functions into ext/standard/type.c (which had
a few otherwise unused functions in it).
2002-01-09 23:47:46 +00:00
Jon Parise
2720dc3c05 Nuke unused variable warning (end_arr). 2002-01-04 22:57:36 +00:00
Stefan Esser
99e72c9ae5 whitespace. - now i know how code should look like ... 2001-12-16 21:59:13 +00:00
Stefan Esser
dce6ba9e0f fixed: php_ap_getword was unaware of quotes
filenames with ; in it could not get uploaded

fixed: php_ap_getword_conf sometimes returned a static
	string that crashes php when freed
	(f.e. uploading the file "crash; name=  ;"
	crashed php)

fixed: magic_quotes was disabled while filling
	variables with user supplied input

fixed: memoryleak (some strings did not get freed)

fixed: assuming that address of "" is always the same
	may fail on some compilers
2001-12-16 13:34:52 +00:00
Stefan Esser
58a5b6bfda fixed some minor bugs and reordered some code to fix array uploads. 2001-12-13 18:12:58 +00:00
Sebastian Bergmann
38933514e1 Update headers. 2001-12-11 15:32:16 +00:00
foobar
2605bd4b30 Store the read bytes so that some sapi modules know how much to read. 2001-12-05 00:44:17 +00:00
foobar
6083eb1030 - Handle more error types when uploading files. 2001-11-24 18:23:35 +00:00
Zeev Suraski
ee111cf9c8 whitespace 2001-11-24 16:07:05 +00:00
Zeev Suraski
a25ccbec2e whitespace 2001-11-24 16:05:22 +00:00
foobar
1e5e73e0ae - Nuked some memleaks
- Changed the error to be set always. Otherwise the index for error
  wouldn't be correct in case of uploading multiple files within array.
  ( <input type="file" name="test[]"> )
2001-11-16 03:34:26 +00:00
foobar
37dec69a7c No use of populating the hash if there is no file saved. 2001-11-16 01:06:48 +00:00
foobar
ae82e1ccf2 In case of submitting form without any files selected don't set
the tmp_name.
2001-11-15 15:37:02 +00:00
foobar
b893e59095 Make the filesize 0 when upload fails. And changed the error messages to be different from each other. 2001-11-11 01:51:17 +00:00
foobar
7d479f4abb Fix for bug: #14008. Still needs some minor changes but should give idea about this. 2001-11-11 00:45:31 +00:00
foobar
d6adcc98b5 After discussing with Rasmus, this line should be enough. Speak up if it is not. 2001-10-29 19:12:43 +00:00
foobar
3be12d1d9b - Added myself to authors.
- Modified the clause about Apache to say what exactly was borrowed.

  Should there be the Apache license included in this file?
2001-10-29 18:58:15 +00:00
foobar
44b68122c2 @- Fixed HTTP file upload support to handle big files better. (Jani)
# There are some minor memleaks still..I tried to eliminate them but
# without luck. I'd be glad if someone could check this code out.
# Also, this uses the Apache libapreq. So there might be need to add some
# license thingie there too?
2001-10-27 05:26:24 +00:00
Jeroen van Wolffelaar
c033288573 Back-substitute for Z_* macro's. If it breaks some extension (the script isn't optimal, it parses for example var->zval.value incorrect) please let me know. 2001-09-25 21:58:48 +00:00
Andi Gutmans
315c894da8 - Commit fix for bug #11998 by Ralf Bolte <r.bolte@gmx.net> 2001-09-23 19:17:44 +00:00
Derick Rethans
78747bd2df - Don't wrap lines... this is annoying while coding. 2001-09-09 13:29:31 +00:00
foobar
e46decaa32 First step for chunkifying the HTTP uploads. 2001-09-03 02:31:56 +00:00
Daniel Beulshausen
0dab84d065 fix SAPI_POST_* exports 2001-08-15 18:01:48 +00:00
Zeev Suraski
1159c84ab7 - TSRMLS_FETCH work
- whitespace fixes
2001-08-05 01:43:02 +00:00
Zeev Suraski
d76cf1da18 More TSRMLS_FETCH work 2001-07-31 04:53:54 +00:00
Zeev Suraski
d87cc976e1 Redesigned thread safety mechanism - nua nua 2001-07-28 11:36:37 +00:00
Zeev Suraski
fe6f8712a4 - Get rid of ELS_*(), and use TSRMLS_*() instead.
- Move to the new ts_allocate_id() API
This patch is *bound* to break some files, as I must have had typos somewhere.
If you use any uncommon extension, please try to build it...
2001-07-27 10:16:41 +00:00
Zeev Suraski
a9915bf69a Another layout fix 2001-07-16 20:43:18 +00:00
Zeev Suraski
b6064e5d3e Fix layout
Guys - when submitting patches - please make sure you're not breaking
the layout of the code!  It's not less important than the patch
itself.
2001-07-16 20:42:49 +00:00
foobar
b0ed727aee Fix one problem with Opera browsers. Tested with IE,NS,Opera.
There can be also a \t before the 'filename=' part.
2001-06-19 16:54:30 +00:00
Rasmus Lerdorf
81e2cf03ac Fix folding and clean up some extensions 2001-06-06 13:06:12 +00:00
Rasmus Lerdorf
25c3a3a39d vim-6 does folding - clean up a bunch of missing folding tags plus
some misguided RINIT and RSHUTDOWN calls in a few fringe extensions
2001-06-05 13:12:10 +00:00
foobar
bf417a3b72 Now the file uploads 'work' also on Lynx. This patch was submitted
by Andreas Pistoor <andreas@erestor.f2s.com> and I have tested it a
quite long time now and didn't notice any problems. Bug: #9930
2001-05-02 01:18:53 +00:00
Andi Gutmans
4c823e8a89 - Change macros from V_ to VCWD_ because of AIX name clash 2001-04-30 12:45:02 +00:00
Andi Gutmans
eb6ba01d1c - Fix copyright notices with 2001 2001-02-26 06:11:02 +00:00
Sascha Schumann
96ba644e9f Make the code match the comment.
Prior to this change, the upload code tried to add mangled names to
the global HTTP_POST_FILES array, resulting in all kind of weird behaviour.

After this change, multi-dimensional form elements are treated correctly
and consistently.
2001-01-19 15:39:35 +00:00