Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Does anyone know where I can find the code PHP uses to parse post data into $_POST and $_FILES? I’m trying to figure out how it handles unescaped filenames, but I can’t seem to find it. It doesn’t help that it’s a huge project and I have no idea where to even look, and searching isn’t helping.
It’s in
main/rfc1867.c. See withinrfc1867_post_handler, around where it is parsing the Content-Disposition header. The function usesphp_ap_getword_confto parse the filename value.