|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2011-02-04 19:25 UTC] dungar at kabia dot fr
Description:
------------
The function :is_uploaded_file return every time false.
(for a classical upload)
For find the file i must edit the path :
$file['file']['tmp_name']
by this path :
dirname($file['file']['tmp_name']).'/'.$file['file']['name']
The file of the tmp_name wasn't changed, and the uploaded name is used.
(May be dangerous for include attack ?)
Test script:
---------------
$oForms_File = new Forms_File();
if ( $oForms_File->isValid($_POST) ) {
$fFile = $oForms_File->getValue('file');
$adapter = new Zend_File_Transfer_Adapter_Http();
$adapter->setDestination(CORE_APP_DIR.DS.'modules'.DS.'bugtracking'.DS.'files','test.todel');
;
$file = $adapter->getFileInfo('file');
echo file_get_contents(dirname($file['file']['tmp_name']).'/'.$file['file']['name']);exit;
test($file);
test($_FILES);
test( is_uploaded_file($_FILES['file']['tmp_name']) );
test($adapter->receive());
test($adapter->getMessages());
function ScanDirectory($Directory){
$MyDirectory = opendir($Directory) or die('Erreur');
while($Entry = @readdir($MyDirectory)) {
if(is_dir($Directory.'/'.$Entry)&& $Entry != '.' && $Entry != '..') {
echo '<ul>'.$Directory;
ScanDirectory($Directory.'/'.$Entry);
echo '</ul>';
}
else {
echo '<li>'.$Entry.'</li>';
}
}
closedir($MyDirectory);
}
ScanDirectory('/webdata/n/q/7a8fwoym65pts9/vbi3und15xa44wgw/php_upload');
<?php
class Forms_File extends Zend_Form {
public function __construct($options = null) {
parent::__construct($options);
// setting Form name, Form action and Form Ecryption type
$this->setName('file');
/*
$this->setAction($this->view->url(
array(
'module' => Zend_Controller_Front::getInstance()->getRequest()->getParam('module'),
'controller'=> 'files',
'action' => 'upload',
'id' => Zend_Controller_Front::getInstance()->getRequest()->getParam('id'),
), $this->routes['crud-action-controller-id'], true)
);
*/
$this->setAttrib('enctype', 'multipart/form-data');
// creating object for Zend_Form_Element_File
$doc_file = new Zend_Form_Element_File('file');
$doc_file//->setLabel('Document File Path')
->setRequired(true);
// creating object for submit button
$submit = new Zend_Form_Element_Submit('submit');
$submit->setLabel('Upload File')
->setAttrib('id', 'submitbutton');
// adding elements to form Object
$this->addElements(array($doc_file, $submit));
}
}
<?php echo $this->oForm; ?>
Expected result:
----------------
test( is_uploaded_file($_FILES['file']['tmp_name']) ); => true
Actual result:
--------------
test( is_uploaded_file($_FILES['file']['tmp_name']) ); => false
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Tue Apr 23 09:01:27 2024 UTC |
oops, my bad - there is no problem with PHP, it's just a programming error - the guy who submitted this bug calls $fFile = $oForms_File->getValue('file'), which includes a move_uploaded_file() call... that's why the test results are wrong... i would recommend closing this bug