Commit Graph

55 Commits

Author SHA1 Message Date
Rasmus Lerdorf
c9f1fe638d Fix off by one error in file upload code 2000-12-08 14:28:14 +00:00
Stanislav Malyshev
1f7a3b3b11 Remove empty temp file on failed upload 2000-10-30 15:30:27 +00:00
Sascha Schumann
836df2f798 Parse quoted boundary correctly 2000-10-20 23:40:07 +00:00
Zeev Suraski
9e5ef06ceb Fix warning 2000-10-17 18:13:35 +00:00
Andi Gutmans
824fc6a084 - Move php_open_temporary_file() out of file.c 2000-09-11 18:56:47 +00:00
Zeev Suraski
b7ecaacd07 More security-related (control) patches:
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit.  Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
6c4cb4c079 Security related updates:
- Introduce php_open_temporary_file(), in place of tempnam().  Still
  needs testing under UNIX (mkstemp()), works reliably under Windows now.
- Reimplement the mechanism for unlinking uploaded files at the end of the request
  (was it ever tested?).  Files moved with move_uploaded_file() will not be unlink()'d
  again, to avoid (albeit very unlikely) race conditions.
2000-09-09 11:41:14 +00:00
Zeev Suraski
75086e3088 - Implemented is_upload_file() 2000-09-08 21:56:47 +00:00
Zeev Suraski
677d4b9913 Send $HTTP_POST_FILES to the right place 2000-09-07 04:12:31 +00:00
Zeev Suraski
eb32144902 - Remove track_vars - it is now always on
- Make the various $HTTP_*_VARS[] arrays be defined always,
  even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Zeev Suraski
efdd39207c Protect arrays as well. 2000-09-04 22:26:01 +00:00
Zeev Suraski
5dca99232e Prevent exploit in [tmp_name] as well 2000-09-04 22:05:00 +00:00
Zeev Suraski
60825fab88 Fix the logic. Tested. 2000-09-04 21:23:41 +00:00
Zeev Suraski
388170ffa5 3rd time's a charm 2000-09-04 20:47:52 +00:00
Zeev Suraski
b47050630b Fix the fix 2000-09-04 20:46:10 +00:00
Zeev Suraski
ed453cc9b4 Fix the file upload security problem with no side effects (untested) 2000-09-04 19:07:50 +00:00
Rasmus Lerdorf
43fefff150 Quick-fix for the file upload security alert
@Quick-fix for the file upload security alert (Rasmus)
2000-09-04 05:09:46 +00:00
Rasmus Lerdorf
da1b7847b3 Support content-encoding headers in file upload mime parts
@- Support content-encoding headers in file upload MIME parts
@  (Ragnar Kjørstad)
2000-08-06 06:40:28 +00:00
Stanislav Malyshev
a790966b15 Fix file upload types array handling (#5836) 2000-07-30 11:22:18 +00:00
Rasmus Lerdorf
76061b701e @ Add support for both indexed and non-indexed arrays of file uploads
@ eg. name="file[]" type="file" (Rasmus)
Add support for both indexed and non-indexed arrays of file uploads
eg. name="file[]" type="file" (Rasmus)
2000-06-04 05:46:28 +00:00
Zeev Suraski
e043439ff6 Update the license with the new clause 6 2000-05-18 15:34:45 +00:00
Andi Gutmans
1665cba750 - Change PHP_ to V_ (directory & file functions) 2000-04-15 14:20:01 +00:00
Zeev Suraski
69ff396312 *** empty log message *** 2000-04-02 22:15:14 +00:00
Zeev Suraski
18e0850ba1 @- Add $HTTP_POST_FILES[filename][tmp_name] - it was previously impossible to
@  retrieve the temporary name of an uploaded file using $HTTP_POST_FILES[] (Zeev)
- Changed IMAP Win32 definitions
2000-04-02 21:27:32 +00:00
Andi Gutmans
9df7df3293 - Baby steps... Use PHP_FOPEN() 2000-03-30 22:41:13 +00:00
Zeev Suraski
e5c8aeb3f1 - Protect $HTTP_POST_FILES[] as well 2000-02-26 18:59:29 +00:00
Zeev Suraski
9b621d1c8f Get the license right... (this won't make it to RC1 of B4) 2000-02-19 23:21:46 +00:00
Zeev Suraski
739bdec582 Worked on beautifying rfc1867.c a bit
@- Introduced $HTTP_POST_FILES[], that contains information about files uploaded
@  through HTTP upload (Zeev)
2000-02-19 20:12:26 +00:00
Zeev Suraski
a6393de6f7 Make POST handling the way it should be. RFC1867, and any future POST handlers we might
have in the future now obey to the variables_order directive, and there's a real way modular
way to handle POST content.
This is all untested, BEFORE_SAPI_POST_PATCH_17_FEB_2000 tagged before submission
@- Made multipart/form-data content obey to the variables_order directive (Zeev)
2000-02-17 20:23:59 +00:00
Zeev Suraski
4a211a80fb @- Fixed RFC1867 file upload under Windows (Zeev)
Fixed a memory leak
2000-02-15 22:51:18 +00:00
Thies C. Arntzen
829f4f334b @- Workaround for bogus POST-Data from IE/Mac. (Thies)
@  Patch by Alain Malek <alain@virtua.ch>
fix #2944
2000-02-12 17:37:11 +00:00
Zeev Suraski
b2449f929c - Change the argument order of php_register_variable() to something more
intuitive.
- Make the authentication variables be a part of the HTTP_SERVER_VARS[] array
2000-01-29 11:55:44 +00:00
Zeev Suraski
9ab35ae393 Tried to centralize global variable registration as much as possible:
- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly
  to $HTTP_GET_VARS[], contain environment and server variables.  Setting
  register_globals to Off will now also prevent registration of the
  environment and server variables into the global scope (Zeev)
- Renamed gpc_globals to register_globals (Zeev)
- Introduced variables_order that deprecates gpc_order, and allows control
  over the server and environment variables, in addition to GET/POST/Cookies
  (Zeev)
2000-01-28 17:24:53 +00:00
Zeev Suraski
270eff1dfe Use a more general and descriptive name 2000-01-28 14:57:19 +00:00
Zeev Suraski
fc678100cd post.c really had nothing to do with POST anymore, and it belongs to the top level directory 2000-01-28 13:31:12 +00:00
Zeev Suraski
3a35a6955d Get rid of the old implementation 2000-01-28 12:53:05 +00:00
Sascha Schumann
43ae2bffbb Happy Y2K patch! Happy new year (or the new millennium, depending on whether
you start counting at 0 or 1).
2000-01-01 01:32:05 +00:00
Zeev Suraski
235386b245 Change ALLOC_ZVAL() semantics 1999-12-26 21:21:33 +00:00
Andi Gutmans
3bf1b04cb4 - Move more stuff to ALLOC_ZVAL(). We need to add those FREE_ZVAL()'s now. 1999-12-24 17:39:27 +00:00
Zeev Suraski
a3c6514332 More php3_ annihilation 1999-12-17 19:51:39 +00:00
Sascha Schumann
4a60eed469 Fix some warnings 1999-12-05 16:25:32 +00:00
Sascha Schumann
5b983c944f Clean up php3.*\.h files. The files itself are renamed, and references in all
.*\.[ch] files were changed. There is a slight chance that my script missed
a few changes, please correct them manually.
1999-12-04 19:19:57 +00:00
Thies C. Arntzen
b5c3c7bfc9 files are now resources, file.c is thread-safe, the le_ vars are no longer shared,
but they are accessible thru "php_file_le_socket(), php_file_le_uploads()..."
i also updated the ftp, pdf and file-upload stuff to match the new requirements.
@- Cleaned up File-Module (Thies)
1999-10-15 15:22:25 +00:00
Thies C. Arntzen
0cc1641447 starting to clean-up/new API'ize and resourcify the file-stuff - nothing happened yet - just renaming things around. 1999-10-12 18:50:05 +00:00
Zeev Suraski
98d95dd88e - Added support for unknown POST content types (Zeev)
- Introduce the convert_to_*_ex() API in strlen()
1999-09-16 23:18:15 +00:00
Zeev Suraski
b2c0acb9ec - Rewrote the GET/POST/Cookie data reader to support multi-dimensional
arrays! (Zeev)

This still needs a lot of more testing, but it seems to work more or less.
1999-09-12 23:51:12 +00:00
Zeev Suraski
1b6ccfe86c Cleanups & optimizations 1999-09-11 14:09:29 +00:00
Zeev Suraski
fb910c64cd Cleanups 1999-09-11 13:44:23 +00:00
Zeev Suraski
3cb1eb0471 Removed '3' from key functions in PHP (maintained compatibility through
php3_compat.h)
1999-08-02 19:17:14 +00:00
Zeev Suraski
c5724cbd14 License update 1999-07-16 13:13:16 +00:00