Handle "multipart/form-data" correctly even if we get the data

Summary: Fixes T3673. Supposedly we won't get any data in this case, but it seems we sometimes do. See discussion in task.

Test Plan: Used `var_dump()`, etc., to verify we short circuit out of "multipart/form-data" posts regardless of the presence of input data.

Reviewers: nmalcolm, btrahan

Reviewed By: nmalcolm

CC: aran

Maniphest Tasks: T3673

Differential Revision: https://secure.phabricator.com/D6670

src/aphront/configuration/AphrontDefaultApplicationConfiguration.php

@@ -88,15 +88,24 @@ class AphrontDefaultApplicationConfiguration
     $parser = new PhutilQueryStringParser();
     $data   = array();
 
+    // If the request has "multipart/form-data" content, we can't use
+    // PhutilQueryStringParser to parse it, and the raw data supposedly is not
+    // available anyway (according to the PHP documentation, "php://input" is
+    // not available for "multipart/form-data" requests). However, it is
+    // available at least some of the time (see T3673), so double check that
+    // we aren't trying to parse data we won't be able to parse correctly by
+    // examining the Content-Type header.
+    $content_type = idx($_SERVER, 'CONTENT_TYPE');
+    $is_form_data = preg_match('@^multipart/form-data@i', $content_type);
+
     $raw_input = PhabricatorStartup::getRawInput();
-    if (strlen($raw_input)) {
+    if (strlen($raw_input) && !$is_form_data) {
       $data += $parser->parseQueryString($raw_input);
     } else if ($_POST) {
       $data += $_POST;
     }
 
-    $data += $parser->parseQueryString(
-      isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : "");
+    $data += $parser->parseQueryString(idx($_SERVER, 'QUERY_STRING', ''));
 
     $request = new AphrontRequest($this->getHost(), $this->getPath());
     $request->setRequestData($data);