Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:11910
Return-Path: <u235@libero.it>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 84518 invoked by uid 1010); 4 Aug 2004 14:56:14 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 84316 invoked from network); 4 Aug 2004 14:56:13 -0000
Received: from unknown (HELO rod.elitel.it) (212.34.224.163)
  by pb1.pair.com with SMTP; 4 Aug 2004 14:56:13 -0000
Received: (qmail 84960 invoked from network); 4 Aug 2004 15:04:57 -0000
Received: from unknown (HELO astrid.santinoli.com) (212.34.243.55)
  by rod.elitel.it with SMTP; 4 Aug 2004 15:04:57 -0000
Received: by astrid.santinoli.com (Postfix, from userid 502)
	id 233344816B; Wed,  4 Aug 2004 16:56:57 +0200 (CEST)
Date: Wed, 4 Aug 2004 16:56:57 +0200
To: internals@lists.php.net
Message-ID: <20040804145657.GA15294@astrid.santinoli.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="J2SCkAp4GZ/dPZZf"
Content-Disposition: inline
Organization: Fastpath Research
User-Agent: Mutt/1.5.6i
Subject: [PATCH] Passthrough MD5/SHA1 calculation of uploaded files
From: u235@libero.it (David Santinoli)

--J2SCkAp4GZ/dPZZf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Hi,
  I'm submitting a patch to perform "on the fly" MD5/SHA1 digest
calculation of a file uploaded via the HTTP POST method.  Being
not uncommon for applications to require some digest of a freshly
uploaded file, doing the math directly in the buffer where the file is
being read can save some time.

Digest calculation is triggered by setting the special input fields
COMPUTE_MD5 and/or COMPUTE_SHA1 to a non-zero value:

  <input type="hidden" name="COMPUTE_SHA1" value="1">

(note that these assignments must precede the
<input type="file" name=...> field, as in the MAX_FILE_SIZE case.)

The result is found in the special variables
$_FILES[userfile]["md5"] and $_FILES[userfile]["sha1"].
These variables are only defined upon request of the corresponding
digest.

The patch was produced against the current CVS version of rfc1867.c
(PHP_5_0 branch, v1.160).

Cheers,
 David
-- 
 David Santinoli, Milano             +   <david@santinoli.com>
 Independent Linux/Unix consultant   +   http://www.santinoli.com

--J2SCkAp4GZ/dPZZf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="rfc1867_md5_sha1-cvs-1.160.diff"

--- main/rfc1867-cvs-1.160.c	2004-08-04 16:42:17.000000000 +0200
+++ main/rfc1867.c	2004-08-04 16:47:25.000000000 +0200
@@ -32,6 +32,8 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/md5.h"
+#include "ext/standard/sha1.h"
 
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
 
@@ -784,6 +786,13 @@
 	zval *array_ptr = (zval *) arg;
 	FILE *fp;
 	zend_llist header;
+	int compute_md5=0, compute_sha1=0;
+	PHP_MD5_CTX md5_context;
+	unsigned char md5_digest[16];
+	char md5_string[33];
+	PHP_SHA1_CTX sha1_context;
+	unsigned char sha1_digest[20];
+	char sha1_string[41];
 
 	if (SG(request_info).content_length > SG(post_max_size)) {
 		sapi_module.sapi_error(E_WARNING, "POST Content-Length of %d bytes exceeds the limit of %d bytes", SG(request_info).content_length, SG(post_max_size));
@@ -914,6 +923,10 @@
 				}
 				if (!strcasecmp(param, "MAX_FILE_SIZE")) {
 					max_file_size = atol(value);
+				} else if (!strcasecmp(param, "COMPUTE_MD5")) {
+					compute_md5 = atol(value);
+				} else if (!strcasecmp(param, "COMPUTE_SHA1")) {
+					compute_sha1 = atol(value);
 				}
 
 				efree(param);
@@ -964,6 +977,14 @@
 				cancel_upload = UPLOAD_ERROR_D;
 			}
 
+			if (compute_md5) {
+				PHP_MD5Init(&md5_context);
+			}
+
+			if (compute_sha1) {
+				PHP_SHA1Init(&sha1_context);
+			}
+
 			while (!cancel_upload && (blen = multipart_buffer_read(mbuff, buff, sizeof(buff) TSRMLS_CC)))
 			{
 				if (PG(upload_max_filesize) > 0 && total_bytes > PG(upload_max_filesize)) {
@@ -978,6 +999,13 @@
 					cancel_upload = UPLOAD_ERROR_B;
 				} else if (blen > 0) {
 					wlen = fwrite(buff, 1, blen, fp);
+
+					if (compute_md5) {
+						PHP_MD5Update(&md5_context, buff, blen);
+					}
+					if (compute_sha1) {
+						PHP_SHA1Update(&sha1_context, buff, blen);
+					}
 			
 					if (wlen < blen) {
 #if DEBUG_FILE_UPLOAD
@@ -991,6 +1019,15 @@
 			} 
 			fclose(fp);
 
+			if (compute_md5) {
+				PHP_MD5Final(md5_digest, &md5_context);
+				make_digest(md5_string, md5_digest);
+				}
+			if (compute_sha1) {
+				PHP_SHA1Final(sha1_digest, &sha1_context);
+				make_digest(sha1_string, sha1_digest);
+				}
+
 #if DEBUG_FILE_UPLOAD
 			if(strlen(filename) > 0 && total_bytes == 0) {
 				sapi_module.sapi_error(E_WARNING, "Uploaded file size 0 - file [%s=%s] not saved", param, filename);
@@ -1146,6 +1183,26 @@
 			add_protected_variable(lbuf TSRMLS_CC);
 			register_http_post_files_variable(lbuf, temp_filename, http_post_files, 1 TSRMLS_CC);
 
+			/* Add $foo[md5] */
+			if (!cancel_upload && compute_md5) {
+				if (is_arr_upload) {
+					sprintf(lbuf, "%s[md5][%s]", abuf, array_index);
+				} else {
+					sprintf(lbuf, "%s[md5]", param);
+				}
+				register_http_post_files_variable(lbuf, md5_string, http_post_files, 0 TSRMLS_CC);
+			}
+
+			/* Add $foo[sha1] */
+			if (!cancel_upload && compute_sha1) {
+				if (is_arr_upload) {
+					sprintf(lbuf, "%s[sha1][%s]", abuf, array_index);
+				} else {
+					sprintf(lbuf, "%s[sha1]", param);
+				}
+				register_http_post_files_variable(lbuf, sha1_string, http_post_files, 0 TSRMLS_CC);
+			}
+
 			PG(magic_quotes_gpc) = magic_quotes_gpc;
 
 			{

--J2SCkAp4GZ/dPZZf--