recaptime.dev / phorge
@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge
phorge phabricator
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Handle "multipart/form-data" correctly even if we get the data

Summary: Fixes T3673. Supposedly we won't get any data in this case, but it seems we sometimes do. See discussion in task.

Test Plan: Used `var_dump()`, etc., to verify we short circuit out of "multipart/form-data" posts regardless of the presence of input data.

Reviewers: nmalcolm, btrahan

Reviewed By: nmalcolm

CC: aran

Maniphest Tasks: T3673

Differential Revision: https://secure.phabricator.com/D6670

epriestley a5f790e1 ed9edc5d

+12 -3
+12 -3
src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
··· 88 88 $parser = new PhutilQueryStringParser(); 89 89 $data = array(); 90 90 91 + // If the request has "multipart/form-data" content, we can't use 92 + // PhutilQueryStringParser to parse it, and the raw data supposedly is not 93 + // available anyway (according to the PHP documentation, "php://input" is 94 + // not available for "multipart/form-data" requests). However, it is 95 + // available at least some of the time (see T3673), so double check that 96 + // we aren't trying to parse data we won't be able to parse correctly by 97 + // examining the Content-Type header. 98 + $content_type = idx($_SERVER, 'CONTENT_TYPE'); 99 + $is_form_data = preg_match('@^multipart/form-data@i', $content_type); 100 + 91 101 $raw_input = PhabricatorStartup::getRawInput(); 92 - if (strlen($raw_input)) { 102 + if (strlen($raw_input) && !$is_form_data) { 93 103 $data += $parser->parseQueryString($raw_input); 94 104 } else if ($_POST) { 95 105 $data += $_POST; 96 106 } 97 107 98 - $data += $parser->parseQueryString( 99 - isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ""); 108 + $data += $parser->parseQueryString(idx($_SERVER, 'QUERY_STRING', '')); 100 109 101 110 $request = new AphrontRequest($this->getHost(), $this->getPath()); 102 111 $request->setRequestData($data);