|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #31891 Revert $_FILES['file']['name'] behavior
Submitted: 2005-02-09 07:15 UTC Modified: 2015-03-23 22:24 UTC
Avg. Score:4.9 ± 0.3
Reproduced:16 of 20 (80.0%)
Same Version:13 (81.2%)
Same OS:9 (56.2%)
From: rbemrose at vgmusic dot com Assigned:
Status: Duplicate Package: *General Issues
PHP Version: 4CVS-2005-02-06 OS: Debian Linux unstable
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
48 - 28 = ?
Subscribe to this entry?

 [2005-02-09 07:15 UTC] rbemrose at vgmusic dot com
Prior to PHP 4.3.10, paths sent as part of a file field had any directory components sent by misbehaving browsers (IE) stripped out.

As of 4.3.10, this no longer happens, and breaks all PHP scripts dependant on the old behavior.

As an alternative, make basename() strip Windows paths when used on UNIX systems.

Reproduce code:
    if (get_magic_quotes_gpc()) {
        $filename = basename(stripslashes($_FILES['file1']['name']));
    } else {
        $filename = basename($_FILES['file1']['name']);

Expected result:
$filename should contain filename.ext

Actual result:
When IE is used, $filename contains Drive:\path\filename.ext


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-09 08:17 UTC] adconrad at 0c3 dot net
Note that the submitter isn't actually using 4.3.10, but rather 4.3.11-dev, as of 200502060530, as that is what's in Debian's current php4 packages.

This DID work correctly in 4.3.10, and all previous versions, however it was changed in CVS late in January, and bug reports filed about the backward compatibility issue were closed as "bogus" (see, for example, 31757).
 [2005-02-09 18:03 UTC] rbemrose at vgmusic dot com
Fixed version number.
 [2005-02-16 19:40 UTC] cristiano at mmp dot it
This is breaking lots of applications like mambo & phpcollab
 [2015-03-23 19:28 UTC]
-Status: Open +Status: Duplicate -Package: Feature/Change Request +Package: *General Issues
 [2015-03-23 19:28 UTC]
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. 

Thank you for your interest in PHP.

 [2015-03-23 22:24 UTC] rbemrose at vgmusic dot com
CMB: Not to sound rude, but did you just reopen a 10 year old bug just to mark it as a duplicate?

Also, it might be handy to, you know, note the bug its a duplicate of.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu Dec 08 06:05:52 2022 UTC