summaryrefslogtreecommitdiff
path: root/ufilter.c
diff options
context:
space:
mode:
authorBen Fuhrmannek2014-07-12 09:25:28 +0200
committerBen Fuhrmannek2014-07-12 09:25:28 +0200
commit6bb8cdbbd56c09a6864b40ce21f9a87abd942305 (patch)
treeae2455c089646cb118ef1efff3af4b677d3b999e /ufilter.c
parentdd270c094df080ff8438d29e14ec1bbffe0ca993 (diff)
introduced suhosin.upload.allow_utf8
Diffstat (limited to 'ufilter.c')
-rw-r--r--ufilter.c18
1 files changed, 7 insertions, 11 deletions
diff --git a/ufilter.c b/ufilter.c
index 2eeed56..6d9669f 100644
--- a/ufilter.c
+++ b/ufilter.c
@@ -281,10 +281,10 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
281 int n; 281 int n;
282 cpend = mefd->data + mefd->length; 282 cpend = mefd->data + mefd->length;
283 for (char *cp = mefd->data; cp < cpend; cp++) { 283 for (char *cp = mefd->data; cp < cpend; cp++) {
284 if (*cp >= 32) { 284 if (*cp >= 32 || isspace(*cp)) {
285 continue; 285 continue;
286 } 286 }
287 if (*cp & 0x80) { 287 if ((*cp & 0x80) && SUHOSIN_G(upload_allow_utf8)) {
288 SDEBUG("checking char %x", *cp); 288 SDEBUG("checking char %x", *cp);
289 if ((n = suhosin_validate_utf8_multibyte(cp))) { // valid UTF8 multibyte character 289 if ((n = suhosin_validate_utf8_multibyte(cp))) { // valid UTF8 multibyte character
290 cp += n - 1; 290 cp += n - 1;
@@ -292,16 +292,12 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
292 } 292 }
293 } 293 }
294 294
295 if (!isspace(*cp)) { 295 suhosin_log(S_FILES, "uploaded file contains binary data - file dropped");
296 suhosin_log(S_FILES, "uploaded file contains binary data - file dropped"); 296 if (!SUHOSIN_G(simulation)) {
297 if (!SUHOSIN_G(simulation)) { 297 goto continue_with_failure;
298 goto continue_with_failure;
299 }
300 break;
301 } 298 }
302 299 break;
303 } 300 }
304
305 } 301 }
306 302
307 if (SUHOSIN_G(upload_remove_binary)) { 303 if (SUHOSIN_G(upload_remove_binary)) {
@@ -313,7 +309,7 @@ int suhosin_rfc1867_filter(unsigned int event, void *event_data, void **extra TS
313 for (i=0, j=0; i<mefd->length; i++) { 309 for (i=0, j=0; i<mefd->length; i++) {
314 if (mefd->data[i] >= 32 || isspace(mefd->data[i])) { 310 if (mefd->data[i] >= 32 || isspace(mefd->data[i])) {
315 mefd->data[j++] = mefd->data[i]; 311 mefd->data[j++] = mefd->data[i];
316 } else if (mefd->data[i] & 0x80) { 312 } else if (SUHOSIN_G(upload_allow_utf8) && mefd->data[i] & 0x80) {
317 n = suhosin_validate_utf8_multibyte(mefd->data + i); 313 n = suhosin_validate_utf8_multibyte(mefd->data + i);
318 if (!n) { continue; } 314 if (!n) { continue; }
319 while (n) { 315 while (n) {