mirror of
https://github.com/php/php-src.git
synced 2025-08-20 01:14:28 +02:00
MFB: Fixed bug #38236 (Binary data gets corrupted on multipart/formdata
POST).
This commit is contained in:
Ilia Alshanetsky
parent
0e29c9a870
commit
d2579f9dd1
2 changed files with 40 additions and 30 deletions
|
|
@ -341,8 +341,7 @@ plain_var:
|
|||
|
||||
SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
|
||||
{
|
||||
char *var, *val;
|
||||
char *strtok_buf = NULL;
|
||||
char *var, *val, *e, *s, *p;
|
||||
zval *array_ptr = (zval *) arg;
|
||||
UConverter *input_conv = UG(http_input_encoding_conv);
|
||||
|
||||
|
|
@ -354,11 +353,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
|
|||
input_conv = ZEND_U_CONVERTER(UG(output_encoding_conv));
|
||||
}
|
||||
|
||||
var = php_strtok_r(SG(request_info).post_data, "&", &strtok_buf);
|
||||
s = SG(request_info).post_data;
|
||||
e = s + SG(request_info).post_data_length;
|
||||
|
||||
while (var) {
|
||||
val = strchr(var, '=');
|
||||
if (val) { /* have a value */
|
||||
while (s < e && (p = memchr(s, '&', (e - s)))) {
|
||||
last_value:
|
||||
if ((val = memchr(s, '=', (p - s)))) { /* have a value */
|
||||
if (UG(unicode)) {
|
||||
UChar *u_var, *u_val;
|
||||
int u_var_len, u_val_len;
|
||||
|
|
@ -366,10 +366,12 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
|
|||
int val_len;
|
||||
UErrorCode status1 = U_ZERO_ERROR, status2 = U_ZERO_ERROR;
|
||||
|
||||
*val++ = '\0';
|
||||
var_len = strlen(var);
|
||||
var = s;
|
||||
var_len = val - s;
|
||||
|
||||
php_url_decode(var, var_len);
|
||||
val_len = php_url_decode(val, strlen(val));
|
||||
val++;
|
||||
val_len = php_url_decode(val, (p - val));
|
||||
zend_convert_to_unicode(input_conv, &u_var, &u_var_len, var, var_len, &status1);
|
||||
zend_convert_to_unicode(input_conv, &u_val, &u_val_len, val, val_len, &status2);
|
||||
if (U_SUCCESS(status1) && U_SUCCESS(status2)) {
|
||||
|
|
@ -383,9 +385,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
|
|||
} else {
|
||||
unsigned int val_len, new_val_len;
|
||||
|
||||
*val++ = '\0';
|
||||
php_url_decode(var, strlen(var));
|
||||
val_len = php_url_decode(val, strlen(val));
|
||||
var = s;
|
||||
|
||||
php_url_decode(var, (val - s));
|
||||
val++;
|
||||
val_len = php_url_decode(val, (p - val));
|
||||
val = estrndup(val, val_len);
|
||||
if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) {
|
||||
php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC);
|
||||
|
|
@ -393,7 +397,11 @@ SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler)
|
|||
efree(val);
|
||||
}
|
||||
}
|
||||
var = php_strtok_r(NULL, "&", &strtok_buf);
|
||||
s = p + 1;
|
||||
}
|
||||
if (s < e) {
|
||||
p = e;
|
||||
goto last_value;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue