php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #31891 Revert $_FILES['file']['name'] behavior
Submitted: 2005-02-09 07:15 UTC Modified: 2015-03-23 22:24 UTC
Votes:25
Avg. Score:4.9 ± 0.3
Reproduced:16 of 20 (80.0%)
Same Version:13 (81.2%)
Same OS:9 (56.2%)
From: rbemrose at vgmusic dot com Assigned:
Status: Duplicate Package: *General Issues
PHP Version: 4CVS-2005-02-06 OS: Debian Linux unstable
Private report: No CVE-ID: None
 [2005-02-09 07:15 UTC] rbemrose at vgmusic dot com
Description:
------------
Prior to PHP 4.3.10, paths sent as part of a file field had any directory components sent by misbehaving browsers (IE) stripped out.

As of 4.3.10, this no longer happens, and breaks all PHP scripts dependant on the old behavior.

As an alternative, make basename() strip Windows paths when used on UNIX systems.

Reproduce code:
---------------
    if (get_magic_quotes_gpc()) {
        $filename = basename(stripslashes($_FILES['file1']['name']));
    } else {
        $filename = basename($_FILES['file1']['name']);
    }

Expected result:
----------------
$filename should contain filename.ext

Actual result:
--------------
When IE is used, $filename contains Drive:\path\filename.ext

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-09 08:17 UTC] adconrad at 0c3 dot net
Note that the submitter isn't actually using 4.3.10, but rather 4.3.11-dev, as of 200502060530, as that is what's in Debian's current php4 packages.

This DID work correctly in 4.3.10, and all previous versions, however it was changed in CVS late in January, and bug reports filed about the backward compatibility issue were closed as "bogus" (see, for example, 31757).
 [2005-02-09 18:03 UTC] rbemrose at vgmusic dot com
Fixed version number.
 [2005-02-16 19:40 UTC] cristiano at mmp dot it
This is breaking lots of applications like mambo & phpcollab
 [2015-03-23 19:28 UTC] cmb@php.net
-Status: Open +Status: Duplicate -Package: Feature/Change Request +Package: *General Issues
 [2015-03-23 19:28 UTC] cmb@php.net
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.


 [2015-03-23 22:24 UTC] rbemrose at vgmusic dot com
CMB: Not to sound rude, but did you just reopen a 10 year old bug just to mark it as a duplicate?

Also, it might be handy to, you know, note the bug its a duplicate of.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC