1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-28 16:30:59 +01:00

Handle "multipart/form-data" correctly even if we get the data

Summary: Fixes T3673. Supposedly we won't get any data in this case, but it seems we sometimes do. See discussion in task.

Test Plan: Used `var_dump()`, etc., to verify we short circuit out of "multipart/form-data" posts regardless of the presence of input data.

Reviewers: nmalcolm, btrahan

Reviewed By: nmalcolm

CC: aran

Maniphest Tasks: T3673

Differential Revision: https://secure.phabricator.com/D6670
This commit is contained in:
epriestley 2013-08-04 11:37:17 -07:00
parent ed9edc5d3a
commit a5f790e192

View file

@ -88,15 +88,24 @@ class AphrontDefaultApplicationConfiguration
$parser = new PhutilQueryStringParser();
$data = array();
// If the request has "multipart/form-data" content, we can't use
// PhutilQueryStringParser to parse it, and the raw data supposedly is not
// available anyway (according to the PHP documentation, "php://input" is
// not available for "multipart/form-data" requests). However, it is
// available at least some of the time (see T3673), so double check that
// we aren't trying to parse data we won't be able to parse correctly by
// examining the Content-Type header.
$content_type = idx($_SERVER, 'CONTENT_TYPE');
$is_form_data = preg_match('@^multipart/form-data@i', $content_type);
$raw_input = PhabricatorStartup::getRawInput();
if (strlen($raw_input)) {
if (strlen($raw_input) && !$is_form_data) {
$data += $parser->parseQueryString($raw_input);
} else if ($_POST) {
$data += $_POST;
}
$data += $parser->parseQueryString(
isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : "");
$data += $parser->parseQueryString(idx($_SERVER, 'QUERY_STRING', ''));
$request = new AphrontRequest($this->getHost(), $this->getPath());
$request->setRequestData($data);