Sascha Schumann
836df2f798
Parse quoted boundary correctly
2000-10-20 23:40:07 +00:00
Zeev Suraski
9e5ef06ceb
Fix warning
2000-10-17 18:13:35 +00:00
Andi Gutmans
824fc6a084
- Move php_open_temporary_file() out of file.c
2000-09-11 18:56:47 +00:00
Zeev Suraski
b7ecaacd07
More security-related (control) patches:
...
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079
Security related updates:
...
- Introduce php_open_temporary_file(), in place of tempnam(). Still
needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
(was it ever tested?). Files moved with move_uploaded_file() will not be unlink()'d
again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
75086e3088
- Implemented is_upload_file()
2000-09-08 21:56:47 +00:00
Zeev Suraski
677d4b9913
Send $HTTP_POST_FILES to the right place
2000-09-07 04:12:31 +00:00
Zeev Suraski
eb32144902
- Remove track_vars - it is now always on
...
- Make the various $HTTP_*_VARS[] arrays be defined always,
even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Zeev Suraski
efdd39207c
Protect arrays as well.
2000-09-04 22:26:01 +00:00
Zeev Suraski
5dca99232e
Prevent exploit in [tmp_name] as well
2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88
Fix the logic. Tested.
2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5
3rd time's a charm
2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b
Fix the fix
2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4
Fix the file upload security problem with no side effects (untested)
2000-09-04 19:07:50 +00:00
Rasmus Lerdorf
43fefff150
Quick-fix for the file upload security alert
...
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00
Rasmus Lerdorf
da1b7847b3
Support content-encoding headers in file upload mime parts
...
@- Support content-encoding headers in file upload MIME parts
@ (Ragnar Kjørstad)
2000-08-06 06:40:28 +00:00
Stanislav Malyshev
a790966b15
Fix file upload types array handling ( #5836 )
2000-07-30 11:22:18 +00:00
Rasmus Lerdorf
76061b701e
@ Add support for both indexed and non-indexed arrays of file uploads
...
@ eg. name="file[]" type="file" (Rasmus)
Add support for both indexed and non-indexed arrays of file uploads
eg. name="file[]" type="file" (Rasmus)
2000-06-04 05:46:28 +00:00
Zeev Suraski
e043439ff6
Update the license with the new clause 6
2000-05-18 15:34:45 +00:00
Andi Gutmans
1665cba750
- Change PHP_ to V_ (directory & file functions)
2000-04-15 14:20:01 +00:00
Zeev Suraski
69ff396312
*** empty log message ***
2000-04-02 22:15:14 +00:00
Zeev Suraski
18e0850ba1
@- Add $HTTP_POST_FILES[filename][tmp_name] - it was previously impossible to
...
@ retrieve the temporary name of an uploaded file using $HTTP_POST_FILES[] (Zeev)
- Changed IMAP Win32 definitions
2000-04-02 21:27:32 +00:00
Andi Gutmans
9df7df3293
- Baby steps... Use PHP_FOPEN()
2000-03-30 22:41:13 +00:00
Zeev Suraski
e5c8aeb3f1
- Protect $HTTP_POST_FILES[] as well
2000-02-26 18:59:29 +00:00
Zeev Suraski
9b621d1c8f
Get the license right... (this won't make it to RC1 of B4)
2000-02-19 23:21:46 +00:00
Zeev Suraski
739bdec582
Worked on beautifying rfc1867.c a bit
...
@- Introduced $HTTP_POST_FILES[], that contains information about files uploaded
@ through HTTP upload (Zeev)
2000-02-19 20:12:26 +00:00
Zeev Suraski
a6393de6f7
Make POST handling the way it should be. RFC1867, and any future POST handlers we might
...
have in the future now obey to the variables_order directive, and there's a real way modular
way to handle POST content.
This is all untested, BEFORE_SAPI_POST_PATCH_17_FEB_2000 tagged before submission
@- Made multipart/form-data content obey to the variables_order directive (Zeev)
2000-02-17 20:23:59 +00:00
Zeev Suraski
4a211a80fb
@- Fixed RFC1867 file upload under Windows (Zeev)
...
Fixed a memory leak
2000-02-15 22:51:18 +00:00
Thies C. Arntzen
829f4f334b
@- Workaround for bogus POST-Data from IE/Mac. (Thies)
...
@ Patch by Alain Malek <alain@virtua.ch>
fix #2944
2000-02-12 17:37:11 +00:00
Zeev Suraski
b2449f929c
- Change the argument order of php_register_variable() to something more
...
intuitive.
- Make the authentication variables be a part of the HTTP_SERVER_VARS[] array
2000-01-29 11:55:44 +00:00
Zeev Suraski
9ab35ae393
Tried to centralize global variable registration as much as possible:
...
- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly
to $HTTP_GET_VARS[], contain environment and server variables. Setting
register_globals to Off will now also prevent registration of the
environment and server variables into the global scope (Zeev)
- Renamed gpc_globals to register_globals (Zeev)
- Introduced variables_order that deprecates gpc_order, and allows control
over the server and environment variables, in addition to GET/POST/Cookies
(Zeev)
2000-01-28 17:24:53 +00:00
Zeev Suraski
270eff1dfe
Use a more general and descriptive name
2000-01-28 14:57:19 +00:00
Zeev Suraski
fc678100cd
post.c really had nothing to do with POST anymore, and it belongs to the top level directory
2000-01-28 13:31:12 +00:00
Zeev Suraski
3a35a6955d
Get rid of the old implementation
2000-01-28 12:53:05 +00:00
Sascha Schumann
43ae2bffbb
Happy Y2K patch! Happy new year (or the new millennium, depending on whether
...
you start counting at 0 or 1).
2000-01-01 01:32:05 +00:00
Zeev Suraski
235386b245
Change ALLOC_ZVAL() semantics
1999-12-26 21:21:33 +00:00
Andi Gutmans
3bf1b04cb4
- Move more stuff to ALLOC_ZVAL(). We need to add those FREE_ZVAL()'s now.
1999-12-24 17:39:27 +00:00
Zeev Suraski
a3c6514332
More php3_ annihilation
1999-12-17 19:51:39 +00:00
Sascha Schumann
4a60eed469
Fix some warnings
1999-12-05 16:25:32 +00:00
Sascha Schumann
5b983c944f
Clean up php3.*\.h files. The files itself are renamed, and references in all
...
.*\.[ch] files were changed. There is a slight chance that my script missed
a few changes, please correct them manually.
1999-12-04 19:19:57 +00:00
Thies C. Arntzen
b5c3c7bfc9
files are now resources, file.c is thread-safe, the le_ vars are no longer shared,
...
but they are accessible thru "php_file_le_socket(), php_file_le_uploads()..."
i also updated the ftp, pdf and file-upload stuff to match the new requirements.
@- Cleaned up File-Module (Thies)
1999-10-15 15:22:25 +00:00
Thies C. Arntzen
0cc1641447
starting to clean-up/new API'ize and resourcify the file-stuff - nothing happened yet - just renaming things around.
1999-10-12 18:50:05 +00:00
Zeev Suraski
98d95dd88e
- Added support for unknown POST content types (Zeev)
...
- Introduce the convert_to_*_ex() API in strlen()
1999-09-16 23:18:15 +00:00
Zeev Suraski
b2c0acb9ec
- Rewrote the GET/POST/Cookie data reader to support multi-dimensional
...
arrays! (Zeev)
This still needs a lot of more testing, but it seems to work more or less.
1999-09-12 23:51:12 +00:00
Zeev Suraski
1b6ccfe86c
Cleanups & optimizations
1999-09-11 14:09:29 +00:00
Zeev Suraski
fb910c64cd
Cleanups
1999-09-11 13:44:23 +00:00
Zeev Suraski
3cb1eb0471
Removed '3' from key functions in PHP (maintained compatibility through
...
php3_compat.h)
1999-08-02 19:17:14 +00:00
Zeev Suraski
c5724cbd14
License update
1999-07-16 13:13:16 +00:00
Zeev Suraski
c43c235427
Don't touch refcount and EA directly
1999-07-09 20:45:55 +00:00
Zeev Suraski
5f62c347c7
Step 2:
...
Rename is_ref to EA
1999-07-09 17:44:41 +00:00