@@ -158,7 +158,7 @@ typedef struct {
158158*/
159159static int fill_buffer (multipart_buffer * self TSRMLS_DC )
160160{
161- int bytes_to_read , actual_read = 0 ;
161+ int bytes_to_read , total_read = 0 , actual_read = 0 ;
162162
163163 /* shift the existing data if necessary */
164164 if (self -> bytes_in_buffer > 0 && self -> buf_begin != self -> buffer ) {
@@ -171,7 +171,7 @@ static int fill_buffer(multipart_buffer *self TSRMLS_DC)
171171 bytes_to_read = self -> bufsize - self -> bytes_in_buffer ;
172172
173173 /* read the required number of bytes */
174- if (bytes_to_read > 0 ) {
174+ while (bytes_to_read > 0 ) {
175175
176176 char * buf = self -> buffer + self -> bytes_in_buffer ;
177177
@@ -181,10 +181,14 @@ static int fill_buffer(multipart_buffer *self TSRMLS_DC)
181181 if (actual_read > 0 ) {
182182 self -> bytes_in_buffer += actual_read ;
183183 SG (read_post_bytes ) += actual_read ;
184+ total_read += actual_read ;
185+ bytes_to_read -= actual_read ;
186+ } else {
187+ break ;
184188 }
185189 }
186190
187- return actual_read ;
191+ return total_read ;
188192}
189193
190194
@@ -334,7 +338,12 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
334338 /* add header to table */
335339
336340 char * key = line ;
337- char * value = strchr (line , ':' );
341+ char * value = NULL ;
342+
343+ /* space in the beginning means same header */
344+ if (!isspace (line [0 ])) {
345+ value = strchr (line , ':' );
346+ }
338347
339348 if (value ) {
340349 * value = 0 ;
@@ -343,7 +352,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
343352 entry .value = estrdup (value );
344353 entry .key = estrdup (key );
345354
346- } else if (zend_llist_remove_tail (header )) { /* If no ':' on the line, add to previous line */
355+ } else if (zend_llist_count (header )) { /* If no ':' on the line, add to previous line */
347356
348357 prev_len = strlen (prev_entry .value );
349358 cur_len = strlen (line );
@@ -354,6 +363,10 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
354363 entry .value [cur_len + prev_len ] = '\0' ;
355364
356365 entry .key = estrdup (prev_entry .key );
366+
367+ zend_llist_remove_tail (header );
368+ } else {
369+ continue ;
357370 }
358371
359372 zend_llist_add_element (header , & entry );
@@ -400,7 +413,9 @@ static char *php_ap_getword(char **line, char stop)
400413 ++ pos ;
401414 }
402415 }
403- ++ pos ;
416+ if (* pos ) {
417+ ++ pos ;
418+ }
404419 } else ++ pos ;
405420
406421 }
@@ -706,15 +721,21 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
706721
707722 /* If file_uploads=off, skip the file part */
708723 if (!PG (file_uploads )) {
709- efree (filename );
710- if (param ) efree (param );
724+ if (filename ) {
725+ efree (filename );
726+ }
727+ if (param ) {
728+ efree (param );
729+ }
711730 continue ;
712731 }
713732
714733 /* Return with an error if the posted data is garbled */
715734 if (!param ) {
716735 sapi_module .sapi_error (E_WARNING , "File Upload Mime headers garbled" );
717- efree (filename );
736+ if (filename ) {
737+ efree (filename );
738+ }
718739 SAFE_RETURN ;
719740 }
720741
@@ -729,7 +750,9 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
729750 cancel_upload = 0 ;
730751
731752 if (strlen (filename ) == 0 ) {
753+ #ifdef DEBUG_FILE_UPLOAD
732754 sapi_module .sapi_error (E_NOTICE , "No file uploaded" );
755+ #endif
733756 cancel_upload = UPLOAD_ERROR_D ;
734757 }
735758
@@ -822,7 +845,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
822845 s = NULL ;
823846
824847 /* Possible Content-Type: */
825- if (!(cd = php_mime_get_hdr_value (header , "Content-Type" )) || filename == "" ) {
848+ if (cancel_upload || !(cd = php_mime_get_hdr_value (header , "Content-Type" ))) {
826849 cd = "" ;
827850 } else {
828851 /* fix for Opera 6.01 */
0 commit comments