php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46313 Magic quotes broke $_FILES
Submitted: 2008-10-16 11:36 UTC Modified: 2008-10-21 08:23 UTC
From: david at grudl dot com Assigned:
Status: Closed Package: HTTP related
PHP Version: 5.3.0alpha2 OS: windows xp
Private report: No CVE-ID: None
 [2008-10-16 11:36 UTC] david at grudl dot com
Description:
------------
When magic_quotes_gpc are enabled, array $_FILES in weird.

1) truncated file name (see "closed" bug #29369)
2) slashes and non-slashed keys



Reproduce code:
---------------
<form action="" method="post" enctype="multipart/form-data">
<input type="file" name="o'file">
</form>

Lets upload file named o'brazek.png (there are quotes in element name and in file name to demonstrate both errors)






Expected result:
----------------
array(2) {
  "o\'file" => array(4) {
    "name" => string(11) "o'brazek.png" // or o\'brazek.png ?
    "type" => string(11) "image/x-png"
    "error" => int(0)
    "size" => int(20624)
    "tmp_name" => string(23) "C:\PHP\temp\php3ED8.tmp"
  }
}


Actual result:
--------------
array(2) {
  "o\'file" => array(4) {
    "name" => string(11) "o" // name is truncated after quote
    "type" => string(11) "image/x-png"
    "error" => int(0)
    "size" => int(20624)
  }
  "o'file" => array(1) { // tmp_name is stored in different key
    "tmp_name" => string(23) "C:\PHP\temp\php3ED8.tmp"
  }
}


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-10-20 18:49 UTC] lbarnaud@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Fixed for slashes vs non-slashed keys in $_FILES.

For truncated filenames, it seems to be wanted on Windows, as \ is a path separator.
 [2008-10-21 08:23 UTC] david at grudl dot com
Thank you for fix.

ad truncated filenames: the name is truncated after apostrophe (there is no slash in the file name) and only when magic quotes are on.
 [2012-05-22 16:54 UTC] ab@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src.git;a=commit;h=621fddab93468219aafb0392c7056e551defa1fa
Log: Fix bug #62109 tests\basic\bug46313-win.phpt fails
 [2014-10-07 23:25 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=621fddab93468219aafb0392c7056e551defa1fa
Log: Fix bug #62109 tests\basic\bug46313-win.phpt fails
 [2014-10-07 23:36 UTC] stas@php.net
Automatic comment on behalf of ab
Revision: http://git.php.net/?p=php-src-security.git;a=commit;h=621fddab93468219aafb0392c7056e551defa1fa
Log: Fix bug #62109 tests\basic\bug46313-win.phpt fails
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 08:01:29 2024 UTC