PHP file upload source code analysis (RFC1867)_PHP tutorial

PHP file upload source code analysis (RFC1867) Friends who need to know can refer to

. HTTP-based upload is relatively much easier to use and safer than FTP. The upload methods that can be applied include PUT , WEBDAV, and RFC1867. This article will analyze how to implement file upload based on RFC1867 in PHP.

RFC1867

RCF1867 is the Form-based File Upload in HTML standard protocol, RFC1867 The standard makes two changes to HTML:

1 adds a file option to the type attribute of the input element.
2 The input tag can have an accept attribute, which can specify a list of file types or file formats that can be uploaded.

In addition, this standard also defines a new mime type: multipart/form-data, and when processing a file with enctype="multipart/form-data" and/or containing < The behavior that should be taken when entering a form marked with input type="file">.

For example, when HTML wants the user to upload one or more files, he can write:

table>

This form must be familiar to everyone, but for PHP, it also defines a default form element MAX_FILE_SIZE. Users can use this hidden form element to suggest that PHP only allows the maximum size of the uploaded file, such as For the above example, we hope that the file uploaded by the user cannot be larger than 5000 (5k) bytes, then we can write as follows:

The code is as follows

Copy code

代码如下	复制代码
选择文件: 文件描述:

Select file:

代码如下	复制代码
选择文件: 文件描述:

File description:

The code is as follows

Copy code

代码如下

复制代码

//请求头 POST /upload.php HTTP/1.0rn ... Host: www.laruence.comrn ... Content-length: xxxxxrn ... Content-type: multipart/form-data, boundary=--------------7d51863950254rn ...rnrn //开始POST数据内容 ---------------7d51863950254 content-disposition: form-data; name="description" laruence的个人介绍 ---------------7d51863950254 content-disposition: form-data; name="userfile"; filename="laruence.txt" Content-Type: text/plain ... laruence.txt 的内容... ---------------7d51863950254

Select file:File description:

Not to mention how unreliable this MAX_FILE_SIZE is (so based on the browser The controls are all unreliable), purely from an implementation perspective, I will slowly introduce how this MAX_FILE_SIZE works. When the user selects a file (laruence.txt) and fills it out File description ("Laruence's personal introduction"), what happens after clicking upload?Form submissionAfter the user confirms submission, the browser will send a data packet in a similar format as below Go to the page specified by the action attribute in the form (upload.php in this case):

The code is as follows

Copy code

//Request headerPOST /upload.php HTTP/1.0rn.. .Host: www.laruence.comrn...Content-length: xxxxxrn...Content-type: multipart/form-data, boundary=---- ----------7d51863950254rn...rnrn//Start POST data content---------------7d51863950254content -disposition: form-data; name="description"laruence's personal introduction---------------7d51863950254content-disposition: form-data; name ="userfile"; filename="laruence.txt"Content-Type: text/plain... Content of laruence.txt...----------- ----7d51863950254

The next step is the server, how to process this data.

Accept upload

As the Web server, it is assumed to be Apache (also assume that PHP is installed in Apache as a module ), when receiving the user's data, first it determines the MIME TYPE as the PHP type based on the HTTP request header, and then after some processes (for this part, please refer to my previous PHP Life Cycle ppt), it will eventually control The power is handed over to the PHP module.

At this time, PHP will call sapi_activate to initialize a request. In this process, it first determines the request type, which is POST at this time, and then calls sapi_read_post_data. Through Content-type, find The processing function rfc1867_post_handler of rfc1867 calls this handler to analyze the data from POST.

The source code of rfc1867_post_handler can be found in mian/rfc1867.c. You can also refer to my previous in-depth understanding. PHP file upload, which also lists the source code.

Then, PHP passes the boundary, and for each segment, it checks whether the:

name and filename attributes are both defined. (Famous file upload)
If name is not defined, filename is defined (unnamed upload)
If name is defined, filename is not defined (ordinary data),

to perform different processing.

The code is as follows

Copy code

代码如下

复制代码

if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {  char *pair=NULL;  int end=0;  while (isspace(*cd)) {   ++cd;  }  while (*cd && (pair = php_ap_getword(&cd, ';')))  {   char *key=NULL, *word = pair;   while (isspace(*cd)) {    ++cd;   }   if (strchr(pair, '=')) {    key = php_ap_getword(&pair, '=');    if (!strcasecmp(key, "name")) {     //获取name字段     if (param) {      efree(param);     }     param = php_ap_getword_conf(&pair TSRMLS_CC);    } else if (!strcasecmp(key, "filename")) {     //获取filename字段     if (filename) {      efree(filename);     }     filename = php_ap_getword_conf(&pair TSRMLS_CC);    }   }   if (key) {    efree(key);   }   efree(word);  }

if ((cd = php_mime_get_hdr_value(header, "Content-Disposition"))) {

char *pair=NULL;

int end=0;

代码如下	复制代码
/* Normal form variable, safe to read all data into memory */ if (!filename && param) {  unsigned int value_len;  char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC);  unsigned int new_val_len; /* Dummy variable */  ......  if (!strcasecmp(param, "MAX_FILE_SIZE")) {                   max_file_size = atol(value);     }  efree(param);  efree(value);  continue; }

while (isspace(* cd)) { ++cd; } while (*cd && (pair = php_ap_getword(&cd, ';'))) { char *key= NULL, *word = pair; while (isspace(*cd)) { ++cd; } if (strchr(pair, '=')) { key = php_ap_getword(&pair, '='); if (!strcasecmp(key, "name")) { //Get the name field if (param) { efree(param); } param = php_ap_getword_conf(&pair TSRMLS_CC); } else if (!strcasecmp(key, "filename")) { //Get the filename field if (filename) { efree(filename); } filename = php_ap_getword_conf(&pair TSRMLS_CC); } } if (key) {efree (key); } efree(word); }

In this process, PHP Will check if there is MAX_FILE_SIZE in the normal data.

The code is as follows	Copy code
/* Normal form variable, safe to read all data into memory */if (!filename && param) { unsigned int value_len; char *value = multipart_buffer_read_body(mbuff, &value_len TSRMLS_CC); unsigned int new_val_len; /* Dummy variable */… if (! strcasecmp(param, "MAX_FILE_SIZE")) {                                                                                 max_file_size = atol(value); >}

If yes, it will check whether the file size is exceeded according to its value.

The code is as follows

Copy code

代码如下	复制代码
if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) {  cancel_upload = UPLOAD_ERROR_A; } else if (max_file_size && (total_bytes > max_file_size)) { #if DEBUG_FILE_UPLOAD  sapi_module.sapi_error(E_NOTICE,   "MAX_FILE_SIZE of %ld bytes exceeded - file [%s=%s] not saved",    max_file_size, param, filename); #endif  cancel_upload = UPLOAD_ERROR_B; }

if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) { cancel_upload = UPLOAD_ERROR_A;
} else if (max_file_size && (total_bytes > max_file_size)) {
#if DEBUG_FILE_UPLOAD
sapi_module.sapi_error(E_NOTICE,
"MAX_FILE_SIZE of % ld bytes exceeded - file [%s=%s] not saved",
max_file_size, param, filename);
#endif
cancel_upload = UPLOAD_ERROR_B;
}

Through the above code, we can also see that the judgment is divided into two parts. The first part is to check the default upload limit of PHP. The second part It is to check the user-defined MAX_FILE_SIZE, so the MAX_FILE_SIZE defined in the form cannot exceed the maximum upload file size set in PHP.

代码如下	复制代码
if (!skip_upload) {  /* Handle file */  fd = php_open_temporary_fd_ex(PG(upload_tmp_dir),     "php", &temp_filename, 1 TSRMLS_CC);  if (fd==-1) {   sapi_module.sapi_error(E_WARNING,     "File upload error - unable to create a temporary file");   cancel_upload = UPLOAD_ERROR_E;  } }

By judging the name and filename, if it is a file upload, it will be based on PHP's Settings, create a temporary file with a random name in the file upload directory:

The code is as follows	Copy code
if (!skip_upload) { /* Handle file */ fd = php_open_temporary_fd_ex(PG (upload_tmp_dir), "php", &temp_filename, 1 TSRMLS_CC); if (fd==-1) { sapi_module.sapi_error(E_WARNING, "File upload error - unable to create a temporary file"); cancel_upload = UPLOAD_ERROR_E; } }

Return the file handle, and the temporary random file name.

代码如下	复制代码
else if (blen > 0) {  wlen = write(fd, buff, blen); //写入临时文件.  if (wlen == -1) {  /* write failed */ #if DEBUG_FILE_UPLOAD  sapi_module.sapi_error(E_NOTICE, "write() failed - %s", strerror(errno)); #endif  cancel_upload = UPLOAD_ERROR_F;  } } ....

After that, there will be some verification, such as the file name is legal, the name is legal, etc.

If these verifications pass, then the content Read and write to this temporary file.

代码如下	复制代码
zend_hash_add(SG(rfc1867_uploaded_files), temp_filename,  strlen(temp_filename) + 1, &temp_filename, sizeof(char *), NULL);

.....

The code is as follows

Copy code

代码如下	复制代码
$_FILES['userfile'] //name="userfile"

else if (blen > 0) {
wlen = write(fd , buff, blen); //Write temporary file.
if (wlen == -1) {
/* write failed */
#if DEBUG_FILE_UPLOAD
sapi_module.sapi_error (E_NOTICE, "write() failed - %s", strerror(errno));
#endif
cancel_upload = UPLOAD_ERROR_F;
}
}
... .

When the loop reading is completed, close the temporary file handle. Record the temporary variable name:

The code is as follows	Copy code td>
zend_hash_add(SG(rfc1867_uploaded_files), temp_filename, strlen(temp_filename) + 1, &temp_filename, sizeof(char *), NULL);

And generate the FILE variable. At this time, if it is uploaded by name, it will be set:

The code is as follows	Copy code
$_FILES['userfile'] //name="userfile"

If it is an unnamed upload, tmp_name will be used to set:

Final submission Process the upload.php written by the user.

The code is as follows

代码如下	复制代码
$_FILES['tmp_name'] //无名上传

Copy code

$_FILES['tmp_name'] //Unnamed upload

At this time, in upload.php, the user can operate the file just generated through move_uploaded_file

http://www.bkjia.com/PHPjc/444674.htmlwww.bkjia.comtrue

http: //www.bkjia.com/PHPjc/444674.html

TechArticle

PHP file upload source code analysis (RFC1867) Friends who need to know more can refer to HTTP-based upload, relatively speaking In terms of ease of use and security, it is much enhanced than FTP. It can be applied to upload...