php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34496 single quote copying files
Submitted: 2005-09-14 04:54 UTC Modified: 2005-09-22 01:00 UTC
Votes:3
Avg. Score:4.3 ± 0.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:1 (50.0%)
From: before_after_death at yahoo dot com Assigned:
Status: No Feedback Package: *Directory/Filesystem functions
PHP Version: 5.0.4 OS: WINDOWS XP
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: before_after_death at yahoo dot com
New email:
PHP Version: OS:

 

 [2005-09-14 04:54 UTC] before_after_death at yahoo dot com
Description:
------------
There's bug that I found in PHP5.0.4 (I'm sorry if the problem has been fixed)
This is the problem:
for example: the $uploadfile=bring'iton.jpg
and the result: iton.jpg
it doesn't happen at PHP4 version, so I remigrate to PHP4 again.

Reproduce code:
---------------
<?
include "connect.config.php";
$cwdvar=getcwd();
$cwdvar1=str_replace("\\","/",$cwdvar);
$file_name = "$uploadFile_name";
echo "$uploadFile_name";
$file_name=str_replace("'","",$file_name);
$copy = copy($uploadFile,$file_name);
 if($copy){
 echo "<b>$file_name </b> upload succeed<br>";
 $query_insert="INSERT INTO dirfiles (filename, dirpath) VALUES ('$file_name', '$cwdvar1')";
 $query_res=mysql_query("$query_insert");
 if($query_res){
 echo "database updated";
 }
 }else{
 echo "<b>$file_name</b> database doesn't updated<br>";
 }
?>

Expected result:
----------------
i expect the result is bringiton.jpg (because there's an str_replace function)
and I try to remigrate to PHP4, the result is bringiton.jpg


Actual result:
--------------
The result is iton.jpg (at PHP 5.0.4)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-14 08:14 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php5-win32-latest.zip


 [2005-09-22 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2006-03-16 10:29 UTC] walther dot princee at centric dot nl
I'm experiencing a similar problem with file upload on php 5.0.4, 5.1.2 and 5.1.3-dev (feb 13) on win2k and windows2003. When sending a file with name: 
file with ' quote.txt 
then in the receiving script print_r($_FILES) gives:
Array ( [qfile] => Array ( [name] => quote.txt [type] => text/plain [tmp_name] => C:\WINNT\TEMP\php7C.tmp [error] => 0 [size] => 1968 ) ). So I have only the part of the filename after the '
 [2007-08-09 14:26 UTC] jeremiesaen at gmail dot com
I've the same problem with PHP Version 4.3.11 i can't apply a regular expression because $_FILE['name'] has already the name cutted
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Wed Jan 15 16:01:31 2025 UTC