You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apreq-cvs@httpd.apache.org by jo...@apache.org on 2002/02/10 14:48:37 UTC
cvs commit: httpd-apreq/c apache_request.c
joes 02/02/10 05:48:37
Modified: c apache_request.c
Log:
Workaround for Mozilla empty file uploads (missing a CRLF).
Also includes a bugfix: DISABLE_UPLOADS should allow
multipart/form-data posts that don't contain file upload fields.
Revision Changes Path
1.16 +12 -5 httpd-apreq/c/apache_request.c
Index: apache_request.c
===================================================================
RCS file: /home/cvs/httpd-apreq/c/apache_request.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- apache_request.c 31 Jan 2002 06:35:12 -0000 1.15
+++ apache_request.c 10 Feb 2002 13:48:37 -0000 1.16
@@ -58,6 +58,7 @@
#include "apache_request.h"
#include "apache_multipart_buffer.h"
+int fill_buffer(multipart_buffer *self); /* needed for mozilla hack */
static void req_plustospace(char *str)
{
@@ -381,11 +382,6 @@
multipart_buffer *mbuff;
ApacheUpload *upload = NULL;
- if (req->disable_uploads) {
- ap_log_rerror(REQ_ERROR, "[libapreq] file upload forbidden");
- return HTTP_FORBIDDEN;
- }
-
if (!ct) {
ap_log_rerror(REQ_ERROR, "[libapreq] no Content-type header!");
return HTTP_INTERNAL_SERVER_ERROR;
@@ -447,6 +443,12 @@
continue;
}
if (!param) continue; /* shouldn't happen, but just in case. */
+
+ if (req->disable_uploads) {
+ ap_log_rerror(REQ_ERROR, "[libapreq] file upload forbidden");
+ return HTTP_FORBIDDEN;
+ }
+
ap_table_add(req->parms, param, filename);
if (upload) {
@@ -465,6 +467,11 @@
upload->info = header;
upload->filename = ap_pstrdup(req->r->pool, filename);
upload->name = ap_pstrdup(req->r->pool, param);
+
+ /* mozilla empty-file (missing CRLF) hack */
+ fill_buffer(mbuff);
+ if(strEQ(mbuff->buf_begin, mbuff->boundary))
+ continue;
while ((blen = multipart_buffer_read(mbuff, buff, sizeof(buff)))) {
if (req->upload_hook != NULL) {