Page MenuHomePhabricator
Differential D18699

Add a rough HTTP header value parser
ClosedPublic
Actions

Authored by epriestley on Oct 10 2017, 8:23 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Dec 18, 3:23 AM
Unknown Object (File)
Fri, Dec 6, 11:15 PM
Unknown Object (File)
Tue, Dec 3, 1:09 PM
Unknown Object (File)
Wed, Nov 27, 9:58 PM
Unknown Object (File)
Mon, Nov 25, 1:46 PM
Unknown Object (File)
Sun, Nov 24, 12:27 AM
Unknown Object (File)
Oct 22 2024, 9:29 PM
Unknown Object (File)
Oct 21 2024, 8:55 PM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T13008: Process slot exhaustion in Phacility web tier
Commits
rPHU68324a95db7e: Add a rough HTTP header value parser
Summary

Ref T13008. Before we can disable enable_post_data_reading, we must be able to rebuild $_FILES ourselves. Before we can do this, we must be able to parse multipart/form-data requests. And, before we can do this, we must be able to parse complex HTTP headers, including these:

Content-Type: multipart/form-data; boundary="ABCDEFG"
Content-Disposition: form-data; name="something"; filename="something else"

Add a parser which can do this. The key parts are:

  • Picking the "boundary" out of the "Content-Type" header.
  • Picking all the stuff out of the "Content-Disposition" header for the actual multipart body.

This parser probably isn't perfect, but it will only be invoked when users upload vanilla files (e.g., "Change Profile Picture") so it's okay if it takes a while to sort out all the details.

Test Plan

Added unit tests, ran unit tests.

Diff Detail

Repository
rPHU libphutil
Branch
post1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 18667
Build 25145: Run Core Tests
Build 25144: arc lint + arc unit

Event Timeline

epriestley created this revision.Oct 10 2017, 8:23 PM
Harbormaster completed remote builds in B18667: Diff 44891.Oct 10 2017, 8:24 PM
amckinley accepted this revision.Oct 10 2017, 8:29 PM
amckinley added inline comments.
src/aphront/headerparser/AphrontHTTPHeaderParser.php
127

Shouldn't this be if ($state != 'done')?

This revision is now accepted and ready to land.Oct 10 2017, 8:29 PM
epriestley added a comment.Oct 10 2017, 8:32 PM

For cases like Animal: zebra we'll end up in state "key" (since we never saw a ; or =), which is okay.

For cases like Animal: zebra= we'll end up in some other state but things turn out mostly okay for now, I think (zebra and zebra= have the same behavior).

epriestley added a child revision: D18700: Add a rough "multipart/form-data" stream parser.Oct 10 2017, 8:36 PM
Closed by commit rPHU68324a95db7e: Add a rough HTTP header value parser (authored by epriestley). · Explain WhyOct 12 2017, 7:34 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
4 lines
aphront/
headerparser/
150 lines
__tests__/
108 lines

Diff 44891

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/aphront/headerparser/AphrontHTTPHeaderParser.php

Loading...
View Options

src/aphront/headerparser/__tests__/AphrontHTTPHeaderParserTestCase.php

Loading...
Phabricator · Built by Phacility