diff --git a/ext/session/tests/rfc1867.phpt b/ext/session/tests/rfc1867.phpt index a5ae8b22181..aed179d7573 100644 --- a/ext/session/tests/rfc1867.phpt +++ b/ext/session/tests/rfc1867.phpt @@ -54,9 +54,11 @@ string(%d) "rfc1867" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -67,9 +69,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_cleanup.phpt b/ext/session/tests/rfc1867_cleanup.phpt index 9baa6144ba6..9a0bf626f33 100644 --- a/ext/session/tests/rfc1867_cleanup.phpt +++ b/ext/session/tests/rfc1867_cleanup.phpt @@ -54,9 +54,11 @@ string(%d) "rfc1867-cleanup" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -67,9 +69,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_disabled.phpt b/ext/session/tests/rfc1867_disabled.phpt index 8d8effd1f42..43c1079064d 100644 --- a/ext/session/tests/rfc1867_disabled.phpt +++ b/ext/session/tests/rfc1867_disabled.phpt @@ -47,9 +47,11 @@ session_destroy(); string(%d) "rfc1867-disabled" array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -60,9 +62,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_disabled_2.phpt b/ext/session/tests/rfc1867_disabled_2.phpt index c539c6eaeae..f2ff6ebb964 100644 --- a/ext/session/tests/rfc1867_disabled_2.phpt +++ b/ext/session/tests/rfc1867_disabled_2.phpt @@ -47,9 +47,11 @@ session_destroy(); string(%d) "rfc1867-disabled-2" array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -60,9 +62,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_inter.phpt b/ext/session/tests/rfc1867_inter.phpt index fd28dfe07a3..db0ca00a05d 100644 --- a/ext/session/tests/rfc1867_inter.phpt +++ b/ext/session/tests/rfc1867_inter.phpt @@ -57,9 +57,11 @@ session_destroy(); string(%d) "rfc1867-inter" array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -70,9 +72,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_no_name.phpt b/ext/session/tests/rfc1867_no_name.phpt index 15877a664e6..b27120dc5bb 100644 --- a/ext/session/tests/rfc1867_no_name.phpt +++ b/ext/session/tests/rfc1867_no_name.phpt @@ -47,9 +47,11 @@ session_destroy(); string(%d) "rfc1867-no-name" array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -60,9 +62,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_cookie.phpt b/ext/session/tests/rfc1867_sid_cookie.phpt index 85c28934f44..9acd8d68f80 100644 --- a/ext/session/tests/rfc1867_sid_cookie.phpt +++ b/ext/session/tests/rfc1867_sid_cookie.phpt @@ -53,9 +53,11 @@ string(%d) "rfc1867-sid-cookie" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -66,9 +68,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_get.phpt b/ext/session/tests/rfc1867_sid_get.phpt index dfb192cb47c..b9dde7bb2ed 100644 --- a/ext/session/tests/rfc1867_sid_get.phpt +++ b/ext/session/tests/rfc1867_sid_get.phpt @@ -51,9 +51,11 @@ string(%d) "rfc1867-sid-get" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -64,9 +66,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_get_2.phpt b/ext/session/tests/rfc1867_sid_get_2.phpt index 33e4489cc8b..4f0f598a8a5 100644 --- a/ext/session/tests/rfc1867_sid_get_2.phpt +++ b/ext/session/tests/rfc1867_sid_get_2.phpt @@ -53,9 +53,11 @@ string(%d) "rfc1867-sid-get-2" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -66,9 +68,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_invalid.phpt b/ext/session/tests/rfc1867_sid_invalid.phpt index 4d8372c5381..23e3bdcd37c 100644 --- a/ext/session/tests/rfc1867_sid_invalid.phpt +++ b/ext/session/tests/rfc1867_sid_invalid.phpt @@ -65,9 +65,11 @@ string(%d) "" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -78,9 +80,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_only_cookie.phpt b/ext/session/tests/rfc1867_sid_only_cookie.phpt index 54897b91c85..d438068c8f6 100644 --- a/ext/session/tests/rfc1867_sid_only_cookie.phpt +++ b/ext/session/tests/rfc1867_sid_only_cookie.phpt @@ -53,9 +53,11 @@ string(%d) "rfc1867-sid-only-cookie" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -66,9 +68,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_only_cookie_2.phpt b/ext/session/tests/rfc1867_sid_only_cookie_2.phpt index 3fd46148d72..698fc1609d3 100644 --- a/ext/session/tests/rfc1867_sid_only_cookie_2.phpt +++ b/ext/session/tests/rfc1867_sid_only_cookie_2.phpt @@ -50,9 +50,11 @@ string(%d) "%s" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -63,9 +65,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/ext/session/tests/rfc1867_sid_post.phpt b/ext/session/tests/rfc1867_sid_post.phpt index f22f1534039..4ab3e6c33ef 100644 --- a/ext/session/tests/rfc1867_sid_post.phpt +++ b/ext/session/tests/rfc1867_sid_post.phpt @@ -49,9 +49,11 @@ string(%d) "rfc1867-sid-post" bool(true) array(2) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -62,9 +64,11 @@ array(2) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/main/rfc1867.c b/main/rfc1867.c index 583b3166d53..315e87b0414 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -55,7 +55,7 @@ PHPAPI int (*php_rfc1867_callback)(unsigned int event, void *event_data, void ** static void safe_php_register_variable(char *var, char *strval, size_t val_len, zval *track_vars_array, bool override_protection); /* The longest property name we use in an uploaded file array */ -#define MAX_SIZE_OF_INDEX sizeof("[tmp_name]") +#define MAX_SIZE_OF_INDEX sizeof("[full_path]") /* The longest anonymous name */ #define MAX_SIZE_ANONNAME 33 @@ -1142,9 +1142,20 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) /* {{{ */ snprintf(lbuf, llen, "%s[name]", param); } register_http_post_files_variable(lbuf, s, &PG(http_globals)[TRACK_VARS_FILES], 0); - efree(filename); s = NULL; + /* Add full path of supplied file for folder uploads via + * + */ + /* Add $foo[full_path] */ + if (is_arr_upload) { + snprintf(lbuf, llen, "%s[full_path][%s]", abuf, array_index); + } else { + snprintf(lbuf, llen, "%s[full_path]", param); + } + register_http_post_files_variable(lbuf, filename, &PG(http_globals)[TRACK_VARS_FILES], 0); + efree(filename); + /* Possible Content-Type: */ if (cancel_upload || !(cd = php_mime_get_hdr_value(header, "Content-Type"))) { cd = ""; diff --git a/sapi/cli/tests/php_cli_server_005.phpt b/sapi/cli/tests/php_cli_server_005.phpt index 41e57881a10..339f2542449 100644 --- a/sapi/cli/tests/php_cli_server_005.phpt +++ b/sapi/cli/tests/php_cli_server_005.phpt @@ -52,9 +52,11 @@ Content-type: text/html; charset=UTF-8 array(1) { ["userfile"]=> - array(5) { + array(6) { ["name"]=> string(12) "laruence.txt" + ["full_path"]=> + string(12) "laruence.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> diff --git a/tests/basic/021.phpt b/tests/basic/021.phpt index eeaf58869b0..37e853e58ac 100644 --- a/tests/basic/021.phpt +++ b/tests/basic/021.phpt @@ -24,9 +24,11 @@ var_dump($_POST); --EXPECTF-- array(1) { ["pics"]=> - array(5) { + array(6) { ["name"]=> string(12) "bug37276.txt" + ["full_path"]=> + string(12) "bug37276.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> diff --git a/tests/basic/029.phpt b/tests/basic/029.phpt index 21d9082cffb..d720cbc6ba9 100644 --- a/tests/basic/029.phpt +++ b/tests/basic/029.phpt @@ -32,9 +32,11 @@ var_dump($_POST); --EXPECTF-- array(1) { ["pics"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> diff --git a/tests/basic/bug55500.phpt b/tests/basic/bug55500.phpt index 2f9e393348a..4f2387e0f18 100644 --- a/tests/basic/bug55500.phpt +++ b/tests/basic/bug55500.phpt @@ -36,12 +36,17 @@ var_dump($_POST); --EXPECTF-- array(1) { ["file"]=> - array(5) { + array(6) { ["name"]=> array(1) { [0]=> string(9) "file1.txt" } + ["full_path"]=> + array(1) { + [0]=> + string(9) "file1.txt" + } ["type"]=> array(1) { [0]=> diff --git a/tests/basic/rfc1867_anonymous_upload.phpt b/tests/basic/rfc1867_anonymous_upload.phpt index 5650b5cd5db..923ee3e258d 100644 --- a/tests/basic/rfc1867_anonymous_upload.phpt +++ b/tests/basic/rfc1867_anonymous_upload.phpt @@ -25,9 +25,11 @@ var_dump($_POST); --EXPECTF-- array(2) { [%d]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(16) "text/plain-file1" ["tmp_name"]=> @@ -38,9 +40,11 @@ array(2) { int(1) } [%d]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(16) "text/plain-file2" ["tmp_name"]=> diff --git a/tests/basic/rfc1867_array_upload.phpt b/tests/basic/rfc1867_array_upload.phpt index 90ed0c36e02..9f48e59913c 100644 --- a/tests/basic/rfc1867_array_upload.phpt +++ b/tests/basic/rfc1867_array_upload.phpt @@ -30,7 +30,7 @@ var_dump($_POST); --EXPECTF-- array(1) { ["file"]=> - array(5) { + array(6) { ["name"]=> array(3) { [0]=> @@ -40,6 +40,15 @@ array(1) { [3]=> string(9) "file3.txt" } + ["full_path"]=> + array(3) { + [0]=> + string(9) "file1.txt" + [2]=> + string(9) "file2.txt" + [3]=> + string(9) "file3.txt" + } ["type"]=> array(3) { [0]=> diff --git a/tests/basic/rfc1867_empty_upload.phpt b/tests/basic/rfc1867_empty_upload.phpt index 2b89ca8888b..c8a96955be9 100644 --- a/tests/basic/rfc1867_empty_upload.phpt +++ b/tests/basic/rfc1867_empty_upload.phpt @@ -40,9 +40,11 @@ if (is_uploaded_file($_FILES["file3"]["tmp_name"])) { --EXPECTF-- array(3) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(16) "text/plain-file1" ["tmp_name"]=> @@ -53,9 +55,11 @@ array(3) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(0) "" + ["full_path"]=> + string(0) "" ["type"]=> string(0) "" ["tmp_name"]=> @@ -66,9 +70,11 @@ array(3) { int(0) } ["file3"]=> - array(5) { + array(6) { ["name"]=> string(9) "file3.txt" + ["full_path"]=> + string(9) "file3.txt" ["type"]=> string(16) "text/plain-file3" ["tmp_name"]=> diff --git a/tests/basic/rfc1867_max_file_size.phpt b/tests/basic/rfc1867_max_file_size.phpt index 8d585f75032..81133e30a2d 100644 --- a/tests/basic/rfc1867_max_file_size.phpt +++ b/tests/basic/rfc1867_max_file_size.phpt @@ -40,9 +40,11 @@ if (is_uploaded_file($_FILES["file3"]["tmp_name"])) { --EXPECTF-- array(3) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(16) "text/plain-file1" ["tmp_name"]=> @@ -53,9 +55,11 @@ array(3) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -66,9 +70,11 @@ array(3) { int(0) } ["file3"]=> - array(5) { + array(6) { ["name"]=> string(9) "file3.txt" + ["full_path"]=> + string(20) "C:\foo\bar/file3.txt" ["type"]=> string(16) "text/plain-file3" ["tmp_name"]=> diff --git a/tests/basic/rfc1867_max_file_uploads_empty_files.phpt b/tests/basic/rfc1867_max_file_uploads_empty_files.phpt index b85ed209719..e95b8454d13 100644 --- a/tests/basic/rfc1867_max_file_uploads_empty_files.phpt +++ b/tests/basic/rfc1867_max_file_uploads_empty_files.phpt @@ -40,9 +40,11 @@ if (is_uploaded_file($_FILES["file4"]["tmp_name"])) { --EXPECTF-- array(4) { ["file2"]=> - array(5) { + array(6) { ["name"]=> string(0) "" + ["full_path"]=> + string(0) "" ["type"]=> string(0) "" ["tmp_name"]=> @@ -53,9 +55,11 @@ array(4) { int(0) } ["file3"]=> - array(5) { + array(6) { ["name"]=> string(0) "" + ["full_path"]=> + string(0) "" ["type"]=> string(0) "" ["tmp_name"]=> @@ -66,9 +70,11 @@ array(4) { int(0) } ["file4"]=> - array(5) { + array(6) { ["name"]=> string(9) "file4.txt" + ["full_path"]=> + string(9) "file4.txt" ["type"]=> string(15) "text/plain-file" ["tmp_name"]=> @@ -79,9 +85,11 @@ array(4) { int(0) } ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(15) "text/plain-file" ["tmp_name"]=> diff --git a/tests/basic/rfc1867_missing_boundary_2.phpt b/tests/basic/rfc1867_missing_boundary_2.phpt index d3f93f83871..7011a2d86b8 100644 --- a/tests/basic/rfc1867_missing_boundary_2.phpt +++ b/tests/basic/rfc1867_missing_boundary_2.phpt @@ -18,9 +18,11 @@ var_dump($_POST); --EXPECT-- array(1) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(0) "" ["tmp_name"]=> diff --git a/tests/basic/rfc1867_multiple_webkitdirectory.phpt b/tests/basic/rfc1867_multiple_webkitdirectory.phpt new file mode 100644 index 00000000000..00dc12fda60 --- /dev/null +++ b/tests/basic/rfc1867_multiple_webkitdirectory.phpt @@ -0,0 +1,74 @@ +--TEST-- +Request #77372 (Relative file path is removed from uploaded file) +--INI-- +file_uploads=1 +upload_max_filesize=1024 +max_file_uploads=10 +--POST_RAW-- +Content-Type: multipart/form-data; boundary=---------------------------64369134225794159231042985467 +-----------------------------64369134225794159231042985467 +Content-Disposition: form-data; name="files[]"; filename="directory/subdirectory/file2.txt" +Content-Type: text/plain + +2 +-----------------------------64369134225794159231042985467 +Content-Disposition: form-data; name="files[]"; filename="directory/file1.txt" +Content-Type: text/plain + +1 +-----------------------------64369134225794159231042985467-- +--FILE-- + +--EXPECTF-- +array(1) { + ["files"]=> + array(6) { + ["name"]=> + array(2) { + [0]=> + string(9) "file2.txt" + [1]=> + string(9) "file1.txt" + } + ["full_path"]=> + array(2) { + [0]=> + string(32) "directory/subdirectory/file2.txt" + [1]=> + string(19) "directory/file1.txt" + } + ["type"]=> + array(2) { + [0]=> + string(10) "text/plain" + [1]=> + string(10) "text/plain" + } + ["tmp_name"]=> + array(2) { + [0]=> + string(%d) "%s" + [1]=> + string(%d) "%s" + } + ["error"]=> + array(2) { + [0]=> + int(0) + [1]=> + int(0) + } + ["size"]=> + array(2) { + [0]=> + int(1) + [1]=> + int(1) + } + } +} +array(0) { +} diff --git a/tests/basic/rfc1867_post_max_filesize.phpt b/tests/basic/rfc1867_post_max_filesize.phpt index b03220e915a..f8e99e574fd 100644 --- a/tests/basic/rfc1867_post_max_filesize.phpt +++ b/tests/basic/rfc1867_post_max_filesize.phpt @@ -36,9 +36,11 @@ if (is_uploaded_file($_FILES["file3"]["tmp_name"])) { --EXPECTF-- array(3) { ["file1"]=> - array(5) { + array(6) { ["name"]=> string(9) "file1.txt" + ["full_path"]=> + string(9) "file1.txt" ["type"]=> string(16) "text/plain-file1" ["tmp_name"]=> @@ -49,9 +51,11 @@ array(3) { int(1) } ["file2"]=> - array(5) { + array(6) { ["name"]=> string(9) "file2.txt" + ["full_path"]=> + string(9) "file2.txt" ["type"]=> string(0) "" ["tmp_name"]=> @@ -62,9 +66,11 @@ array(3) { int(0) } ["file3"]=> - array(5) { + array(6) { ["name"]=> string(9) "file3.txt" + ["full_path"]=> + string(9) "file3.txt" ["type"]=> string(16) "text/plain-file3" ["tmp_name"]=>