php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #28802 name of file upload cutted in php4.3.7
Submitted: 2004-06-16 11:52 UTC Modified: 2004-07-04 19:09 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: mstaiger at informatik dot uni-siegen dot de Assigned:
Status: Not a bug Package: HTTP related
PHP Version: 4.3.7 OS: win 2k server
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mstaiger at informatik dot uni-siegen dot de
New email:
PHP Version: OS:

 

 [2004-06-16 11:52 UTC] mstaiger at informatik dot uni-siegen dot de
Description:
------------
The typical file-upload HTML-command:

<input type="file" size=50 name="userfile">

creates an input field to pick a file from the local machine.

We used to "abuse" this field also to insert URLs instead of physical filenames which worked fine so far. When entered "http://www.somedomain.com" the php variable $_FILES['userfile']['name'] contained the entire URL : "http://www.somedomain.com"

Now, the new version seems to cut everything before the last slash and $_FILES['userfile']['name'] contains only "www.somedomain.com", without "http://" .

We could not find any documentation for this behaviour and doubt that this behaviour was desired?


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-06-18 20:02 UTC] imprestavel at gameguru dot com dot br
You may try:
<input type="text" size=50 name="userURL">

Using input-file for URL was not desired because input-file is for uploading local files.


From the manual:
http://www.php.net/manual/en/features.file-upload.php

"$_FILES['userfile']['name']
    The *original name* of the *file on the client machine*."

original name != url/path

And if the client/browser decides to upload a "fake" empty file, because it doesn't exist locally, there is nothing php can do about it, but you could check that and do something
 [2004-07-04 19:09 UTC] iliaa@php.net
The original path is just the filename, not the path + 
filename. 
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Fri May 20 21:03:41 2022 UTC