Fix ignoring invalid/incomplete parts

clue · clue · commit 8c281d472ba6 · 2017-11-28T15:06:48.000+01:00
diff --git a/src/Io/MultipartParser.php b/src/Io/MultipartParser.php
@@ -105,12 +105,13 @@ private function parseBuffer()
 
     private function parseChunk($chunk)
     {
-        if ($chunk === '') {
+        $pos = strpos($chunk, "\r\n\r\n");
+        if ($pos === false) {
             return;
         }
 
-        list ($header, $body) = explode("\r\n\r\n", $chunk, 2);
-        $headers = $this->parseHeaders($header);
+        $headers = $this->parseHeaders((string)substr($chunk, 0, $pos));
+        $body = (string)substr($chunk, $pos + 4);
 
         if (!isset($headers['content-disposition'])) {
             return;
diff --git a/tests/Io/MultipartParserTest.php b/tests/Io/MultipartParserTest.php
@@ -379,6 +379,93 @@ public function testFileUpload()
         $this->assertSame("<?php echo 'Owner';\r\n\r\n", (string)$files['files'][2]->getStream());
     }
 
+    public function testInvalidDoubleContentDispositionUsesLast()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"ignored\"\r\n";
+        $data .= "Content-Disposition: form-data; name=\"key\"\r\n";
+        $data .= "\r\n";
+        $data .= "value\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertSame(
+            array(
+                'key' => 'value'
+            ),
+            $parsedRequest->getParsedBody()
+        );
+    }
+
+    public function testInvalidMissingNewlineAfterValueDoesNotMatter()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"key\"\r\n";
+        $data .= "\r\n";
+        $data .= "value";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertSame(
+            array(
+                'key' => 'value'
+            ),
+            $parsedRequest->getParsedBody()
+        );
+    }
+
+    public function testInvalidMissingValueWillBeIgnored()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"key\"\r\n";
+        $data .= "\r\n";
+        $data .= "--$boundary--\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertEmpty($parsedRequest->getParsedBody());
+    }
+
+    public function testInvalidMissingValueAndEndBoundaryWillBeIgnored()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"key\"\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/form-data; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertEmpty($parsedRequest->getParsedBody());
+    }
+
     public function testInvalidContentDispositionMissingWillBeIgnored()
     {
         $boundary = "---------------------------5844729766471062541057622570";
@@ -419,6 +506,28 @@ public function testInvalidContentDispositionWithoutNameWillBeIgnored()
         $this->assertEmpty($parsedRequest->getParsedBody());
     }
 
+    public function testInvalidMissingEndBoundaryWillBeIgnored()
+    {
+        $boundary = "---------------------------5844729766471062541057622570";
+
+        $data  = "--$boundary\r\n";
+        $data .= "Content-Disposition: form-data; name=\"key\"\r\n";
+        $data .= "\r\n";
+        $data .= "value\r\n";
+
+        $request = new ServerRequest('POST', 'http://example.com/', array(
+            'Content-Type' => 'multipart/mixed; boundary=' . $boundary,
+        ), $data, 1.1);
+
+        $parsedRequest = MultipartParser::parseRequest($request);
+
+        $this->assertEmpty($parsedRequest->getUploadedFiles());
+        $this->assertSame(
+            null,
+            $parsedRequest->getParsedBody()
+        );
+    }
+
     public function testInvalidUploadFileWithoutContentTypeUsesNullValue()
     {
         $boundary = "---------------------------12758086162038677464950549563";

Original file line number	Diff line number	Diff line change
`@@ -105,12 +105,13 @@ private function parseBuffer()`
`105`	`105`
`106`	`106`	`private function parseChunk($chunk)`
`107`	`107`	`{`
`108`		`- if ($chunk === '') {`
	`108`	`+ $pos = strpos($chunk, "\r\n\r\n");`
	`109`	`+ if ($pos === false) {`
`109`	`110`	`return;`
`110`	`111`	`}`
`111`	`112`
`112`		`- list ($header, $body) = explode("\r\n\r\n", $chunk, 2);`
`113`		`- $headers = $this->parseHeaders($header);`
	`113`	`+ $headers = $this->parseHeaders((string)substr($chunk, 0, $pos));`
	`114`	`+ $body = (string)substr($chunk, $pos + 4);`
`114`	`115`
`115`	`116`	`if (!isset($headers['content-disposition'])) {`
`116`	`117`	`return;`