[2006-07-27 17:14 UTC] iliaa@php.net
Description:
------------
Binary data supplied from the client via multipart/form-data POST (rfc1867) gets corrupted. Data will be truncated at the first occurrence of a zero byte.

Reproduce code:
---------------
We post a variable called "mydata" containing "test\0test" (test, binary zero, test). This data is 9 bytes long.

We use the following PHP code to dump all submitted POST data:

var_dump($_POST);

Here's a hex dump of the POST:

0000: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d  ----------------
0010: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 64 35  --------------d5
0020: 66 34 30 63 31 30 63 39 32 66 0d 0a 43 6f 6e 74  f40c10c92f..Cont
0030: 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a  ent-Disposition:
0040: 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65   form-data; name
0050: 3d 22 6d 79 64 61 74 61 22 0d 0a 0d 0a 74 65 73  ="mydata"....tes
0060: 74 00 74 65 73 74 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d  t.test..--------
0070: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d  ----------------
0080: 2d 2d 2d 2d 2d 2d 64 35 66 34 30 63 31 30 63 39  ------d5f40c10c9
0090: 32 66 2d 2d 0d 0a                                2f--

And here's C code (using libcurl) that will generate such a request, which is perfectly RFC1867 compliant:

curl_formadd(&post, &last,
             CURLFORM_COPYNAME, "mydata",
             CURLFORM_PTRCONTENTS, "test\0test",
             CURLFORM_CONTENTSLENGTH, 9,
             CURLFORM_END);

Expected result:
----------------
array(1) {
  ["mydata"]=>
  string(9) "test"
}

Actual result:
--------------
array(1) {
  ["mydata"]=>
  string(4) "test"
}

Note: The problem can be worked around by using Base64 encoding, etc, but that's not the point. RFC1867 was created for providing a method of sending large quantities of binary data or text containing non-ASCII characters, without the need for inefficient coding.
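
The 9-versus-4 difference in the report can be reproduced outside PHP. The following is an added example, not code from the report or from PHP's source: it rebuilds the request body from the hex dump as a constructed constant and measures the part's value up to the next boundary delimiter, then compares that with what `strlen()` sees. The helpers `find` and `part_value` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the request body from the hex dump (150 bytes). */
#define DELIM "----------" "----------" "----------" "d5f40c10c92f"
static const char BODY[] =
    DELIM "\r\n"
    "Content-Disposition: form-data; name=\"mydata\"\r\n\r\n"
    "test\0test\r\n"
    DELIM "--\r\n";
#define BODY_LEN (sizeof(BODY) - 1)

/* Length-aware search; memmem() is not standard C. */
static const char *find(const char *hay, size_t hlen,
                        const char *needle, size_t nlen)
{
    for (size_t i = 0; nlen && i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0)
            return hay + i;
    return NULL;
}

/* Hypothetical helper: sets *value to the first part's data and returns
 * its length, measured up to CRLF + delimiter. Returns -1 if malformed. */
long part_value(const char *body, size_t len, const char *delim,
                const char **value)
{
    char term[128] = "\r\n";
    size_t dlen = strlen(delim);
    if (dlen + 2 > sizeof term || len < dlen || memcmp(body, delim, dlen))
        return -1;
    memcpy(term + 2, delim, dlen);
    const char *hdr_end = find(body, len, "\r\n\r\n", 4);
    if (!hdr_end) return -1;
    const char *val = hdr_end + 4;
    const char *end = find(val, len - (size_t)(val - body), term, dlen + 2);
    if (!end) return -1;
    *value = val;
    return (long)(end - val);
}

int main(void)
{
    const char *v = NULL;
    long n = part_value(BODY, BODY_LEN, DELIM, &v);
    if (n < 0) return 1;
    printf("length-aware: %ld bytes, strlen: %zu bytes\n", n, strlen(v));
    return 0;
}
```

Any code path that carries the value as a NUL-terminated C string instead of a pointer plus length will report the shorter figure.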