From eedb7712506c548e93dc25aa630606e6f9d19ae5 Mon Sep 17 00:00:00 2001
From: smarcet <smarcet@gmail.com>
Date: Thu, 25 Apr 2019 15:22:02 -0300
Subject: [PATCH] Fix error on multipart parsing

Change-Id: I2d02d890ddbaf03f47c700a530b4d261027642ff
---
 .../OAuth2PresentationApiController.php       | 28 +++++------
 .../ParseMultiPartFormDataInputStream.php     | 12 ++---
 .../ParseMultiPartFormDataInputStreamTest.php | 46 +++++++++++++++++++
 3 files changed, 65 insertions(+), 21 deletions(-)

diff --git a/app/Http/Controllers/Apis/Protected/Summit/OAuth2PresentationApiController.php b/app/Http/Controllers/Apis/Protected/Summit/OAuth2PresentationApiController.php
index e46869bb..3009bf2f 100644
--- a/app/Http/Controllers/Apis/Protected/Summit/OAuth2PresentationApiController.php
+++ b/app/Http/Controllers/Apis/Protected/Summit/OAuth2PresentationApiController.php
@@ -11,7 +11,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
-
 use libs\utils\HTMLCleaner;
 use models\exceptions\EntityNotFoundException;
 use models\exceptions\ValidationException;
@@ -29,7 +28,6 @@ use models\utils\IEntity;
 use ModelSerializers\SerializerRegistry;
 use services\model\IPresentationService;
 use utils\ParseMultiPartFormDataInputStream;
-
 /**
  * Class OAuth2PresentationApiController
  * @package App\Http\Controllers
@@ -682,18 +680,20 @@ final class OAuth2PresentationApiController extends OAuth2ProtectedController
             if (false !== $pos = strpos($content_type, ';')) {
                 $content_type = substr($content_type, 0, $pos);
             }
-
-            if(!strstr($content_type, 'multipart/form-data'))
-                return $this->error400();
-
-            $parser   = new ParseMultiPartFormDataInputStream(file_get_contents('php://input'));
-            $input    = $parser->getInput();
-            $data = $input['parameters'];
-            $files    = $input['files'];
-            $file     = null;
-
-            if(isset($files['file']))
-                $file = $files['file'];
+            $file  = null;
+            $data  = $request->all();
+            Log::debug("updatePresentationSlide: data ".var_dump($data));
+            if(strstr($content_type, 'multipart/form-data')) {
+                Log::debug("updatePresentationSlide: has multipart/form-data");
+                $parser = new ParseMultiPartFormDataInputStream(file_get_contents('php://input'));
+                $input  = $parser->getInput();
+                Log::debug("updatePresentationSlide: input ".var_dump($input));
+                $data   = $input['parameters'];
+                $files  = $input['files'];
+                $file   = null;
+                if (isset($files['file']))
+                    $file = $files['file'];
+            }
 
             $rules = [
                 'link'            => 'nullable|url',
diff --git a/app/Http/Utils/ParseMultiPartFormDataInputStream.php b/app/Http/Utils/ParseMultiPartFormDataInputStream.php
index 02e73319..80516a9d 100644
--- a/app/Http/Utils/ParseMultiPartFormDataInputStream.php
+++ b/app/Http/Utils/ParseMultiPartFormDataInputStream.php
@@ -233,21 +233,19 @@ final class ParseMultiPartFormDataInputStream
      */
     private function parameter($string)
     {
-        $data = [];
         $string = trim($string);
-        if(empty($string)) return $data;
-
-        if ( preg_match('/name=\"([^\"]*)\"[\n|\r]+([^\n\r].*)?\r$/s', $string, $match) ) {
+        $data = [];
+        if ( preg_match('/name=\"(.*)\"\n*(.*)$/s', $string, $match) ) {
             if (preg_match('/^(.*)\[\]$/i', $match[1], $tmp)) {
-                $data[$tmp[1]][] = (count($match) >=2 && $match[2] !== NULL ? $match[2] : '');
+                $data[$tmp[1]][] = ($match[2] !== NULL ? $match[2] : '');
             } else {
-                $data[$match[1]] = (count($match) >=2 && $match[2] !== NULL ? $match[2] : '');
+                $data[$match[1]] = ($match[2] !== NULL ? $match[2] : '');
             }
         }
-
         return $data;
     }
 
+
     /**
      * @function merge
      * @param $array array
diff --git a/tests/ParseMultiPartFormDataInputStreamTest.php b/tests/ParseMultiPartFormDataInputStreamTest.php
index 7f312d94..5bac0508 100644
--- a/tests/ParseMultiPartFormDataInputStreamTest.php
+++ b/tests/ParseMultiPartFormDataInputStreamTest.php
@@ -35,4 +35,50 @@ DATA;
 
 
     }
+
+    public function testParseAttributes(){
+        $input = <<<DATA
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="file"; filename="clint-eastwood_gettyimages-119202692jpg.jpg"
+Content-Type: image/jpeg
+
+
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="class_name"
+
+PresentationSlide
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="name"
+
+tets1 update update
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="description"
+
+<p>test1</p>
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="featured"
+
+false
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="display_on_site"
+
+false
+------WebKitFormBoundarySPB0RLYHwOEptxHU
+Content-Disposition: form-data; name="link"
+
+https://www.google.com
+------WebKitFormBoundarySPB0RLYHwOEptxHU--
+  
+
+DATA;
+        $_SERVER['CONTENT_TYPE'] = 'multipart/form-data; boundary=----WebKitFormBoundarySPB0RLYHwOEptxHU';
+        $parser = new \utils\ParseMultiPartFormDataInputStream($input);
+
+        $res = $parser->getInput();
+
+
+        $this->assertTrue(isset($res['parameters']));
+        $this->assertTrue(count($res['parameters']) > 0);
+
+    }
 }
\ No newline at end of file