Bug #33918 File uploads: apostrophes cause filename to be incorrectly reported
Submitted: 2005-07-29 15:08 UTC Modified: 2005-07-29 15:28 UTC
From: lewis dot peckover at m-w dot co dot uk Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 5.0.4 OS: all?
Private report: No CVE-ID: None
 [2005-07-29 15:08 UTC] lewis dot peckover at m-w dot co dot uk
Description:
------------
Any file uploaded that has a name containing an apostrophe ('), e.g. foo'bar.txt, will be incorrectly named in the $_FILES array. It will ignore all characters up to and including the apostrophe.

  foo'bar.txt  ->  bar.txt

Tested on PHP 4.3.10/Apache/FreeBSD 5.3 and PHP 5.0.4/IIS/Windows 2003.

Reproduce code:
---------------
<html>
<body>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" enctype="multipart/form-data">
<input type="file" name="file"><input type="submit">
</form>
<pre>
<?php
print_r($_FILES);
?></pre>
</body>
</html>


Expected result:
----------------
Array
(
    [file] => Array
        (
            [name] => foo'bar.txt
            [type] => text/plain
            [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp
            [error] => 0
            [size] => 9
        )

)

Actual result:
--------------
Array
(
    [file] => Array
        (
            [name] => bar.txt
            [type] => text/plain
            [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp
            [error] => 0
            [size] => 9
        )

)



 [2005-07-29 15:28 UTC] sniper@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.
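
A regression check for the behaviour reported above, added here as an example (not code from the report or from PHP): it builds the upload request for a filename containing an apostrophe and compares the name sent with the `[name]` value that the reproduce script prints. The function names are this example's own, and the sample output is the report's "Actual result", abridged.

```python
import re
import uuid

def build_multipart(field, filename, content, ctype="text/plain"):
    """Return (Content-Type header value, body) for a one-file form upload."""
    boundary = "----probe" + uuid.uuid4().hex
    # Browsers escape only '"', CR and LF in the filename parameter;
    # an apostrophe travels unchanged.
    quoted = filename.replace('"', "%22").replace("\r", "%0D").replace("\n", "%0A")
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{quoted}"\r\n'
        f"Content-Type: {ctype}\r\n\r\n"
    ).encode("utf-8")
    tail = f"\r\n--{boundary}--\r\n".encode("ascii")
    return f"multipart/form-data; boundary={boundary}", head + content + tail

NAME_LINE = re.compile(r"^[ \t]*\[name\] => (.*)$", re.MULTILINE)

def reported_name(print_r_text):
    """Pull the [name] value out of print_r($_FILES) output (None if absent)."""
    m = NAME_LINE.search(print_r_text)
    return m.group(1).rstrip("\r") if m else None

def classify(sent, print_r_text):
    """Compare the filename that was sent with the one PHP reported."""
    got = reported_name(print_r_text)
    if got is None:
        return "no-upload"
    if got == sent:
        return "ok"
    # Truncation as described in the report: everything up to and
    # including an apostrophe is missing from the reported name.
    cut = len(sent) - len(got) - 1
    if cut >= 0 and sent.endswith(got) and sent[cut] == "'":
        return "truncated-after-apostrophe"
    return "mismatch"

# The "Actual result" from the report above, abridged.
ACTUAL = r"""Array
(
    [file] => Array
        (
            [name] => bar.txt
            [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp
        )
)
"""

if __name__ == "__main__":
    print(classify("foo'bar.txt", ACTUAL))
```

To test a build, POST the body with the returned Content-Type value to the reproduce script and pass the response text to `classify`.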


 