|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2005-07-29 15:28 UTC] sniper@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Nov 01 00:00:01 2025 UTC |
Description: ------------ Any file uploaded that has a name containing an apostrophe ('), eg foo'bar.txt, will be incorrectly named in the $_FILES array. It will ignore all characters up to and including the apostrophe. foo'bar.txt -> bar.txt Tested on PHP 4.3.10/Apache/FreeBSD 5.3 and PHP 5.0.4/IIS/Windows 2003. Reproduce code: --------------- <html> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data"> <input type="file" name="file"><input type="submit"> </form> <pre> <?php print_r($_FILES); ?></pre> </body> </html> Expected result: ---------------- Array ( [file] => Array ( [name] => foo'bar.txt [type] => text/plain [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp [error] => 0 [size] => 9 ) ) Actual result: -------------- Array ( [file] => Array ( [name] => bar.txt [type] => text/plain [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp [error] => 0 [size] => 9 ) )