|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #31891 Revert $_FILES['file']['name'] behavior
Submitted: 2005-02-09 07:15 UTC Modified: 2015-03-23 22:24 UTC
Avg. Score:4.9 ± 0.3
Reproduced:16 of 20 (80.0%)
Same Version:13 (81.2%)
Same OS:9 (56.2%)
From: rbemrose at vgmusic dot com Assigned:
Status: Duplicate Package: *General Issues
PHP Version: 4CVS-2005-02-06 OS: Debian Linux unstable
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: rbemrose at vgmusic dot com
New email:
PHP Version: OS:


 [2005-02-09 07:15 UTC] rbemrose at vgmusic dot com
Prior to PHP 4.3.10, paths sent as part of a file field had any directory components sent by misbehaving browsers (IE) stripped out.

As of 4.3.10, this no longer happens, and breaks all PHP scripts dependant on the old behavior.

As an alternative, make basename() strip Windows paths when used on UNIX systems.

Reproduce code:
    if (get_magic_quotes_gpc()) {
        $filename = basename(stripslashes($_FILES['file1']['name']));
    } else {
        $filename = basename($_FILES['file1']['name']);

Expected result:
$filename should contain filename.ext

Actual result:
When IE is used, $filename contains Drive:\path\filename.ext


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-09 08:17 UTC] adconrad at 0c3 dot net
Note that the submitter isn't actually using 4.3.10, but rather 4.3.11-dev, as of 200502060530, as that is what's in Debian's current php4 packages.

This DID work correctly in 4.3.10, and all previous versions, however it was changed in CVS late in January, and bug reports filed about the backward compatibility issue were closed as "bogus" (see, for example, 31757).
 [2005-02-09 18:03 UTC] rbemrose at vgmusic dot com
Fixed version number.
 [2005-02-16 19:40 UTC] cristiano at mmp dot it
This is breaking lots of applications like mambo & phpcollab
 [2015-03-23 19:28 UTC]
-Status: Open +Status: Duplicate -Package: Feature/Change Request +Package: *General Issues
 [2015-03-23 19:28 UTC]
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

 [2015-03-23 22:24 UTC] rbemrose at vgmusic dot com
CMB: Not to sound rude, but did you just reopen a 10 year old bug just to mark it as a duplicate?

Also, it might be handy to, you know, note the bug its a duplicate of.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Tue Dec 06 18:05:53 2022 UTC