php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #11737 File upload generates warning
Submitted: 2001-06-27 10:09 UTC Modified: 2001-06-29 21:21 UTC
From: paul dot busse at ubizen dot com Assigned:
Status: Closed Package: HTTP related
PHP Version: 4.0.5 OS: Redhat 7.0
Private report: No CVE-ID: None
View Developer Edit
 [2001-06-27 10:09 UTC] paul dot busse at ubizen dot com 
When uploading a file using post, data after a closing boundary (see rfcs 1876 and 1521). This is a boundary with two dashes added to it. If this is the case the remainder of the content can be ignored.
If there are more then two bytes after the last boundary in the file PHP will issue a(n unappropriate) warning saying that its MIME headers are garbled.
I modified "./main/rfc1876.c" as follows: (diff -p output)

*** rfc1867.c.good      Wed Jun 27 15:50:32 2001
--- rfc1867.c   Wed Jun 27 15:50:12 2001
*************** static void php_mime_split(char *buf, in
*** 142,147 ****
--- 142,152 ----
                eolsize = 1;
              }
  
+             if(*(loc+len)=='-' && *(loc+len+1)=='-' ) {
+               Done=1;
+               break;
+             }
+ 
              rem -= (loc - ptr) + len + eolsize;
              ptr = loc + len + eolsize;
            } else {

Good luck to you

Paul

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-06-27 13:38 UTC] sniper@php.net 
Please try PHP 4.0.6 first.There were couple of fixes
in it which might have fixed this too. 

And with which browser can this be reproduced?

--Jani
 [2001-06-28 11:27 UTC] paul dot busse at ubizen dot com 
Unfortunately I do not have time to test PHP 4.0.6. I'm on holiday for the next two weeks so I won't be testing it before august. However let me try to explain the letter a little better.

A multipart MIME has a "closing boundary". The term "closing boundary" is defined in RFC 1521. Data after the closing boundary should be ignored. PHP does not test for this closing boundary. This means that it does not detect the end of the multipart MIME but considers the bytes following the closing boundary as a new part of the MIME document. This causes the warning.

I used a perl script to generate the problem. The perl script implements the example in the manual page of HTTP::Request::Common where they explain how to upload files. It is based on the perl libwww module.

I hope that this clarifies the problem

Regards

Paul
 [2001-06-28 11:50 UTC] paul dot busse at ubizen dot com 
Unfortunately I do not have time to test PHP 4.0.6. I'm on holiday for the next two weeks so I won't be testing it before august. However let me try to explain the letter a little better.

A multipart MIME has a "closing boundary". The term "closing boundary" is defined in RFC 1521. Data after the closing boundary should be ignored. PHP does not test for this closing boundary. This means that it does not detect the end of the multipart MIME but considers the bytes following the closing boundary as a new part of the MIME document. This causes the warning.

I used a perl script to generate the problem. The perl script implements the example in the manual page of HTTP::Request::Common where they explain how to upload files. It is based on the perl libwww module.

I hope that this clarifies the problem

Regards

Paul
 [2001-06-29 21:21 UTC] sniper@php.net 
I'm unable to reproduce this with the perl script.
Reopen this if this happens with PHP 4.0.6

--Jani
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Nov 08 08:01:29 2024 UTC