private static void putRequestMap( Env env, ArrayValue post, ArrayValue files, HttpServletRequest request, boolean addSlashesToValues, boolean isAllowUploads) { // this call consumes the inputstream Map<String, String[]> map = request.getParameterMap(); if (map == null) return; long maxFileSize = Long.MAX_VALUE; Value maxFileSizeV = post.get(MAX_FILE_SIZE); if (maxFileSizeV.isNull()) maxFileSize = maxFileSizeV.toLong(); if (isAllowUploads) { for (Map.Entry<String, String[]> entry : map.entrySet()) { String key = entry.getKey(); int len = key.length(); if (len < 10 || !key.endsWith(".filename")) continue; String name = key.substring(0, len - 9); String[] fileNames = request.getParameterValues(name + ".filename"); String[] tmpNames = request.getParameterValues(name + ".file"); String[] mimeTypes = request.getParameterValues(name + ".content-type"); for (int i = 0; i < fileNames.length; i++) { long fileLength = new FilePath(tmpNames[i]).getLength(); addFormFile( env, files, name, fileNames[i], tmpNames[i], mimeTypes[i], fileLength, addSlashesToValues, maxFileSize); } } } ArrayList<String> keys = new ArrayList<String>(); keys.addAll(request.getParameterMap().keySet()); Collections.sort(keys); for (String key : keys) { String[] value = request.getParameterValues(key); Post.addFormValue(env, post, key, value, addSlashesToValues); } }
private static void addFormFile( Env env, ArrayValue files, String name, String fileName, String tmpName, String mimeType, long fileLength, boolean addSlashesToValues, long maxFileSize) { int p = name.indexOf('['); String index = ""; if (p >= 0) { index = name.substring(p); name = name.substring(0, p); } StringValue nameValue = env.createString(name); Value v = files.get(nameValue).toValue(); ArrayValue entry = null; if (v instanceof ArrayValue) entry = (ArrayValue) v; if (entry == null) { entry = new ArrayValueImpl(); files.put(nameValue, entry); } int error; // php/1667 long uploadMaxFilesize = env.getIniBytes("upload_max_filesize", 2 * 1024 * 1024); if (fileName.length() == 0) // php/0864 error = FileModule.UPLOAD_ERR_NO_FILE; else if (fileLength > uploadMaxFilesize) error = FileModule.UPLOAD_ERR_INI_SIZE; else if (fileLength > maxFileSize) error = FileModule.UPLOAD_ERR_FORM_SIZE; else error = FileModule.UPLOAD_ERR_OK; addFormValue(env, entry, "name" + index, env.createString(fileName), null, addSlashesToValues); long size; if (error == FileModule.UPLOAD_ERR_OK) { size = fileLength; } else { mimeType = ""; tmpName = ""; size = 0; } if (mimeType != null) { addFormValue( env, entry, "type" + index, env.createString(mimeType), null, addSlashesToValues); } addFormValue( env, entry, "tmp_name" + index, env.createString(tmpName), null, addSlashesToValues); addFormValue(env, entry, "error" + index, LongValue.create(error), null, addSlashesToValues); addFormValue(env, entry, "size" + index, LongValue.create(size), null, addSlashesToValues); addFormValue(env, files, name, entry, null, addSlashesToValues); }
public static void addFormValue( Env env, ArrayValue array, String key, Value formValue, String[] formValueList, boolean addSlashesToValues) { int p = -1; int q = -1; if (key != null) { p = key.indexOf('['); q = key.indexOf(']', p); } if (p >= 0 && p < q) { String index = key; Value keyValue; Value existingValue; if (p > 0) { key = key.substring(0, p); key = key.replaceAll("\\.", "_"); keyValue = env.createString(key); existingValue = array.get(keyValue); if (existingValue == null || !existingValue.isset()) { existingValue = new ArrayValueImpl(); array.put(keyValue, existingValue); } else if (!existingValue.isArray()) { // existing is overwritten // php/115g existingValue = new ArrayValueImpl(); array.put(keyValue, existingValue); } array = (ArrayValue) existingValue; } int p1; while ((p1 = index.indexOf('[', q)) > 0) { key = index.substring(p + 1, q); if (key.equals("")) { existingValue = new ArrayValueImpl(); array.put(existingValue); } else { keyValue = env.createString(key); existingValue = array.get(keyValue); if (existingValue == null || !existingValue.isset()) { existingValue = new ArrayValueImpl(); array.put(keyValue, existingValue); } else if (!existingValue.isArray()) { existingValue = new ArrayValueImpl().put(existingValue); array.put(keyValue, existingValue); } } array = (ArrayValue) existingValue; p = p1; q = index.indexOf(']', p); } if (q > 0) index = index.substring(p + 1, q); else index = index.substring(p + 1); if (index.equals("")) { if (formValueList != null) { for (int i = 0; i < formValueList.length; i++) { Value value; if (formValueList[i] != null) value = env.createString(formValueList[i]); else value = NullValue.NULL; put(array, null, value, addSlashesToValues); } } else array.put(formValue); } else if ('0' <= index.charAt(0) && index.charAt(0) <= '9') put(array, LongValue.create(StringValue.toLong(index)), formValue, addSlashesToValues); else put(array, env.createString(index), formValue, addSlashesToValues); } else { if (key != null) { key = key.replaceAll("\\.", "_"); put(array, env.createString(key), formValue, addSlashesToValues); } else { put(array, null, formValue, addSlashesToValues); } } }
private static void readMultipartStream( Env env, MultipartStream ms, ArrayValue postArray, ArrayValue files, boolean addSlashesToValues, boolean isAllowUploads) throws IOException { ReadStream is; while ((is = ms.openRead()) != null) { String attr = (String) ms.getAttribute("content-disposition"); if (attr == null || !attr.startsWith("form-data")) { // XXX: is this an error? continue; } String name = getAttribute(attr, "name", addSlashesToValues); String filename = getAttribute(attr, "filename", addSlashesToValues); if (filename != null) { int slashIndex = filename.lastIndexOf('/'); int slashIndex2 = filename.lastIndexOf('\\'); slashIndex = Math.max(slashIndex, slashIndex2); if (slashIndex >= 0) filename = filename.substring(slashIndex + 1); } int bracketIndex = -1; if (name != null) bracketIndex = name.lastIndexOf(']'); if (bracketIndex >= 0 && bracketIndex < name.length() - 1) { // php/085c } else if (filename == null) { StringValue value = env.createStringBuilder(); value.appendReadAll(is, Integer.MAX_VALUE); if (name != null) { addFormValue(env, postArray, name, value, null, addSlashesToValues); } else { env.warning(L.l("file upload is missing name and filename")); } } else { if (!isAllowUploads) { continue; } String tmpName = ""; long tmpLength = 0; // A POST file upload with an empty string as the filename does not // create a temp file in the upload directory. if (filename.length() > 0) { Path tmpPath = env.getUploadDirectory().createTempFile("php", ".tmp"); env.addRemovePath(tmpPath); WriteStream os = tmpPath.openWrite(); try { os.writeStream(is); } finally { os.close(); } tmpName = tmpPath.getFullPath(); tmpLength = tmpPath.getLength(); } // php/0865 // // A header like "Content-Type: image/gif" indicates the mime type // for an uploaded file. String mimeType = getAttribute(attr, "mime-type", addSlashesToValues); if (mimeType == null) { mimeType = (String) ms.getAttribute("content-type"); // php/085f if (mimeType != null && mimeType.endsWith(";")) mimeType = mimeType.substring(0, mimeType.length() - 1); } // php/0864 // // mime type is empty string when no file is uploaded. if (filename.length() == 0) { mimeType = ""; } long maxFileSize = Long.MAX_VALUE; Value maxFileSizeV = postArray.get(MAX_FILE_SIZE); if (!maxFileSizeV.isNull()) maxFileSize = maxFileSizeV.toLong(); if (name != null) { addFormFile( env, files, name, filename, tmpName, mimeType, tmpLength, addSlashesToValues, maxFileSize); } else { addFormFile( env, files, filename, tmpName, mimeType, tmpLength, addSlashesToValues, maxFileSize); } } } }