|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31757 $_FILES['userfile']['name'] returns entire directory with IE
Submitted: 2005-01-30 01:01 UTC Modified: 2005-01-31 22:22 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: andrew at eiknet dot com Assigned:
Status: Not a bug Package: *Directory/Filesystem functions
PHP Version: 4CVS-2005-01-30 (stable) OS: RH Linux 8
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: andrew at eiknet dot com
New email:
PHP Version: OS:


 [2005-01-30 01:01 UTC] andrew at eiknet dot com
While uploading a file using a script the $_FILES['userfile']['name'] variable returns the entire upload path, but only when using IE.  The issue does not show up using Firefox.

Using IE:

$_FILES['userfile']['name'] -> C:\Documents and Settings\RARankin\Desktop\groupe_alliance_2004_gb.jpg

Using Firefox:

$_FILES['userfile']['name'] -> groupe_alliance_2004_gb.jpg

Didnt happen before updating to 4.3.10+, I'm using a dev version due to compilation errors w/ GD in *.10.

Error showed itself w/ phpBB's attachment modification.



Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-30 07:27 UTC] none at null dot xxx
I don't think this is a bug in PHP, it's a questionable design feature of IE. PHP is just returning the unmodified filename supplied by the client as part of the upload process. If you wish to obtain just the filename you should probably use basename($_FILES['userfile']['name']).
 [2005-01-31 18:05 UTC] fsolinas at it dot tiscali dot com
Reproduced after upgrading to 4.3.11-dev.
I'm using php4-STABLE-200501210930 due to bug #31398.
 [2005-01-31 22:22 UTC]
IE bug -> report to Mickeysoft.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Apr 25 04:01:38 2024 UTC