Page MenuHomePhabricator
Differential D18699

Add a rough HTTP header value parser
ClosedPublic
Actions

Authored by epriestley on Oct 10 2017, 8:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 25, 2:58 AM
Unknown Object (File)
Fri, Apr 19, 2:42 AM
Unknown Object (File)
Thu, Apr 11, 10:31 AM
Unknown Object (File)
Thu, Mar 28, 9:16 PM
Unknown Object (File)
Mar 1 2024, 4:34 PM
Unknown Object (File)
Feb 18 2024, 1:34 AM
Unknown Object (File)
Feb 12 2024, 4:05 AM
Unknown Object (File)
Jan 30 2024, 4:04 PM
View All 75 Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13008: Process slot exhaustion in Phacility web tier
Commits
rPHU68324a95db7e: Add a rough HTTP header value parser
Summary

Ref T13008. Before we can disable enable_post_data_reading, we must be able to rebuild $_FILES ourselves. Before we can do this, we must be able to parse multipart/form-data requests. And, before we can do this, we must be able to parse complex HTTP headers, including these:

Content-Type: multipart/form-data; boundary="ABCDEFG"
Content-Disposition: form-data; name="something"; filename="something else"

Add a parser which can do this. The key parts are:

  • Picking the "boundary" out of the "Content-Type" header.
  • Picking all the stuff out of the "Content-Disposition" header for the actual multipart body.

This parser probably isn't perfect, but it will only be invoked when users upload vanilla files (e.g., "Change Profile Picture") so it's okay if it takes a while to sort out all the details.

Test Plan

Added unit tests, ran unit tests.

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Oct 10 2017, 8:23 PM
Harbormaster completed remote builds in B18667: Diff 44891.Oct 10 2017, 8:24 PM
amckinley accepted this revision.Oct 10 2017, 8:29 PM
amckinley added inline comments.
src/aphront/headerparser/AphrontHTTPHeaderParser.php
128

Shouldn't this be if ($state != 'done')?

This revision is now accepted and ready to land.Oct 10 2017, 8:29 PM
epriestley added a comment.Oct 10 2017, 8:32 PM

For cases like Animal: zebra we'll end up in state "key" (since we never saw a ; or =), which is okay.

For cases like Animal: zebra= we'll end up in some other state but things turn out mostly okay for now, I think (zebra and zebra= have the same behavior).

epriestley added a child revision: D18700: Add a rough "multipart/form-data" stream parser.Oct 10 2017, 8:36 PM
Closed by commit rPHU68324a95db7e: Add a rough HTTP header value parser (authored by epriestley). · Explain WhyOct 12 2017, 7:34 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
4 lines
aphront/
headerparser/
150 lines
__tests__/
108 lines

Diff 44898

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/aphront/headerparser/AphrontHTTPHeaderParser.php

Loading...
View Options

src/aphront/headerparser/__tests__/AphrontHTTPHeaderParserTestCase.php

Loading...
Phabricator · Built by Phacility