diff options
Diffstat (limited to 'main/rfc1867.c')
| -rw-r--r-- | main/rfc1867.c | 52 |
1 files changed, 24 insertions, 28 deletions
diff --git a/main/rfc1867.c b/main/rfc1867.c index 828b432c1f..1eda4f94c2 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -203,8 +203,7 @@ static void normalize_protected_variable(char *varname TSRMLS_DC) index = NULL; } } - - *s = '\0'; + *s++='\0'; } @@ -611,7 +610,7 @@ static char *substring_conf(char *start, int len, char quote TSRMLS_DC) } } - *resp = '\0'; + *resp++ = '\0'; return result; } @@ -789,6 +788,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) int str_len = 0, num_vars = 0, num_vars_max = 2*10, *len_list = NULL; char **val_list = NULL; #endif + zend_bool magic_quotes_gpc; multipart_buffer *mbuff; zval *array_ptr = (zval *) arg; int fd=-1; @@ -925,7 +925,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) if (sapi_module.input_filter(PARSE_POST, param, &value, value_len, &new_val_len TSRMLS_CC)) { if (php_rfc1867_callback != NULL) { multipart_event_formdata event_formdata; - size_t newlength = new_val_len; + size_t newlength = 0; event_formdata.post_bytes_processed = SG(read_post_bytes); event_formdata.name = param; @@ -1077,12 +1077,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) } - if (PG(upload_max_filesize) > 0 && (total_bytes+blen) > PG(upload_max_filesize)) { + if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, "upload_max_filesize of %ld bytes exceeded - file [%s=%s] not saved", PG(upload_max_filesize), param, filename); #endif cancel_upload = UPLOAD_ERROR_A; - } else if (max_file_size && ((total_bytes+blen) > max_file_size)) { + } else if (max_file_size && (total_bytes > max_file_size)) { #if DEBUG_FILE_UPLOAD sapi_module.sapi_error(E_NOTICE, "MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved", max_file_size, param, filename); #endif @@ -1279,30 +1279,26 @@ filedone: } s = ""; - { - /* store temp_filename as-is (without magic_quotes_gpc-ing it, in case upload_tmp_dir - * contains escapeable characters. escape only the variable name.) */ - zval zfilename; - - /* Initialize variables */ - add_protected_variable(param TSRMLS_CC); + /* Initialize variables */ + add_protected_variable(param TSRMLS_CC); - /* if param is of form xxx[.*] this will cut it to xxx */ - if (!is_anonymous) { - ZVAL_STRING(&zfilename, temp_filename, 1); - safe_php_register_variable_ex(param, &zfilename, NULL, 1 TSRMLS_CC); - } - - /* Add $foo[tmp_name] */ - if (is_arr_upload) { - snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index); - } else { - snprintf(lbuf, llen, "%s[tmp_name]", param); - } - add_protected_variable(lbuf TSRMLS_CC); - ZVAL_STRING(&zfilename, temp_filename, 1); - register_http_post_files_variable_ex(lbuf, &zfilename, http_post_files, 1 TSRMLS_CC); + magic_quotes_gpc = PG(magic_quotes_gpc); + PG(magic_quotes_gpc) = 0; + /* if param is of form xxx[.*] this will cut it to xxx */ + if (!is_anonymous) { + safe_php_register_variable(param, temp_filename, strlen(temp_filename), NULL, 1 TSRMLS_CC); } + + /* Add $foo[tmp_name] */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[tmp_name][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[tmp_name]", param); + } + add_protected_variable(lbuf TSRMLS_CC); + register_http_post_files_variable(lbuf, temp_filename, http_post_files, 1 TSRMLS_CC); + + PG(magic_quotes_gpc) = magic_quotes_gpc; { zval file_size, error_type; |