php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #31931 image upload returns path and red cross
Submitted: 2005-02-11 11:26 UTC Modified: 2005-02-20 18:28 UTC
Votes:4
Avg. Score:5.0 ± 0.0
Reproduced:4 of 4 (100.0%)
Same Version:3 (75.0%)
Same OS:3 (75.0%)
From: website at cellpacksolutions dot com Assigned: iliaa (profile)
Status: Closed Package: HTTP related
PHP Version: 4CVS-2005-02-11 (stable) OS: linux
Private report: No CVE-ID: None
 [2005-02-11 11:26 UTC] website at cellpacksolutions dot com
Description:
------------
Our webhosts have recently upgraded to the snapshot on production server!

However our upload script no longer works, worked ok on previous versions,

When you upload, all you get is a image with a red cross, and if you look at its properties it shows the path of the location on my c:/ drive!

hope this is helpful, i have found a few other people with similar issues! 

sorry i could not include any other information as i do not have access to it!


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-02-11 17:57 UTC] website at cellpacksolutions dot com
it seems to append the local drive onto the upload path
http://domiannamehere.co.uk/data/500/thumbs/C://SEARCH_PROGRAM//test.jpg

testing my local version of php4.3.10 works great

it is a well known script i use, and the develops also say it may be a bug! Thankyou!
 [2005-02-11 18:13 UTC] sniper@php.net
Ilia, you "broke" it. :)
For the reportee: Provide test case.

 [2005-02-12 02:33 UTC] sniper@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.


 [2005-02-12 17:48 UTC] sniper@php.net
Already fixed in CVS. (Can't reproduce with it)

 [2005-02-14 12:23 UTC] website at cellpacksolutions dot com
just recieved this comment from our hosts this morning:

We have tested the most recent available snapshot (9:30am) and the bug
regarding PHP file uploads is still present.  I would advise using the
temporary workaround (all it does is remove everything upto and include the
final \ thus providing you with only the filename) until the issue is
resolved with PHP 4.3.11.

As advised, unfortunately we are unable to revert back to 4.3.10 as this
contains severe vulnerabilities which we are unable to allow to exist on our
systems.  I will leave this ticket suspended in our queue and when we have
further information for you we will mail you again.
 [2005-02-14 12:36 UTC] website at cellpacksolutions dot com
I have tried using the basic upload code posted on the following thread:

http://www.phpfreaks.com/forums/index.php?showtopic=52077&pid=202571&st=0&#entry202571

which returns:

File (C:\\SEARCH PROGRAM\\product_pics\\3b880.jpg) uploaded!
testupload C:\\SEARCH PROGRAM\\product_pics\\3b880.jpg jpg 

scrolling over and selecting properties of the link shows:

http://domainname.co.uk/testupload/C://SEARCH

this is using the latest cvs version 9 am this morning!
 [2005-02-14 22:39 UTC] tech at rzpressure dot co dot uk
i get this to, it seems as though basename is no longer stripping windows paths. mind this seems to only affect ie browsers!
 [2005-02-15 01:29 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2005-02-18 12:35 UTC] website at cellpacksolutions dot com
Hi, the host has just updated to the latest cvs, however this problem still exists!
 [2005-02-20 18:28 UTC] iliaa@php.net
Well, it looks like they didn't update it correctly.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sun Nov 17 00:01:34 2019 UTC