diff options
| author | Ilia Alshanetsky <iliaa@php.net> | 2006-07-27 15:37:56 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2006-07-27 15:37:56 +0000 |
| commit | 7ba86d078ff3682b07b3c7375b9b279ed987bb32 (patch) | |
| tree | d42309ca7e8a6852b2017ae4abd6cbd7c5662626 | |
| parent | 96324fb67ff399c071d2af73db82f292c7af9ec6 (diff) | |
| download | php-git-7ba86d078ff3682b07b3c7375b9b279ed987bb32.tar.gz | |
Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST).
| -rw-r--r-- | NEWS | 2 | ||||
| -rw-r--r-- | main/php_variables.c | 26 |
2 files changed, 18 insertions, 10 deletions
@@ -15,6 +15,8 @@ PHP NEWS . Fixed bug #37564 (AES privacy encryption not possible due to net-snmp 5.2 compatibility issue). (Patch: scott dot moynes+php at gmail dot com) +- Fixed bug #38236 (Binary data gets corrupted on multipart/formdata POST). + (Ilia) - Fixed bug #38234 (Exception in __clone makes memory leak). (Dmitry, Nuno) - Fixed bug #38229 (strtotime() does not parse YYYY-MM format). (Ilia) - Fixed bug #38224 (session extension can't handle broken cookies). (Ilia) diff --git a/main/php_variables.c b/main/php_variables.c index f1570e94dd..789511391f 100644 --- a/main/php_variables.c +++ b/main/php_variables.c @@ -216,31 +216,37 @@ plain_var: SAPI_API SAPI_POST_HANDLER_FUNC(php_std_post_handler) { - char *var, *val; - char *strtok_buf = NULL; + char *var, *val, *e, *s, *p; zval *array_ptr = (zval *) arg; if (SG(request_info).post_data == NULL) { return; } - var = php_strtok_r(SG(request_info).post_data, "&", &strtok_buf); + s = SG(request_info).post_data; + e = s + SG(request_info).post_data_length; - while (var) { - val = strchr(var, '='); - if (val) { /* have a value */ + while (s < e && (p = memchr(s, '&', (e - s)))) { +last_value: + if ((val = memchr(s, '=', (p - s)))) { /* have a value */ unsigned int val_len, new_val_len; - *val++ = '\0'; - php_url_decode(var, strlen(var)); - val_len = php_url_decode(val, strlen(val)); + var = s; + + php_url_decode(var, (val - s)); + val++; + val_len = php_url_decode(val, (p - val)); val = estrndup(val, val_len); if (sapi_module.input_filter(PARSE_POST, var, &val, val_len, &new_val_len TSRMLS_CC)) { php_register_variable_safe(var, val, new_val_len, array_ptr TSRMLS_CC); } efree(val); } - var = php_strtok_r(NULL, "&", &strtok_buf); + s = p + 1; + } + if (s < e) { + p = e; + goto last_value; } } |