Bug #7597 similar to #5375. when filtering double slashes from file upload
Submitted: 2000-11-02 13:49 UTC Modified: 2001-10-22 14:24 UTC
From: shensche at defcom dot de Assigned:
Status: Closed Package: Filesystem function related
PHP Version: 4.0.6RC2 OS: Linux 2.2.13
Private report: No CVE-ID: None
 [2000-11-02 13:49 UTC] shensche at defcom dot de
when filtering the double slashes from "tmp_name" from an $HTTP_POST_FILE, it cannot be moved to the proper location anymore. this is similar to the problem addressed by bugreport #5375 with windowsNT.

config: php version 4.03pl1 in safe-mode 
        with mysql and gd
        on a suse linux 6.4

well, but i know it is not so much of a problem: just do not tamper with the "tmp_name" and everything is alright. does anyone know a reason for really doing that?


cheers, 
 sebastian

------------ example code -------------------------

<?php

if ($HTTP_POST_VARS["update"] == 1) {
   $src = $HTTP_POST_FILES["upload_file"]["tmp_name"];

   /*
    * BUG here: double slashes are stripped and php cannot
    * move the uploaded file anymore.
    */
   $src = ereg_replace ("//", "/", $src);

   move_uploaded_file ($src, "pic.jpg");
}

?>

<html>
<body>

<form action="<?php echo $PHP_SELF ?>" method="POST" enctype="multipart/form-data">
   <input type="hidden" name="update" value="1">
   
    hochladen: <input type="file" name="upload_file"><br>
   <img src="pic.jpg"><br>
   <input type="submit">
</form>

</body>
</html>

 [2000-11-14 06:10 UTC] stas@php.net
Can you please print $src before and after the ereg and let
us know what happened there?

 [2000-11-29 07:45 UTC] shensche at defcom dot de
of course, for example a simple echo (echo "before ereg: $src";):

before ereg: /tmp//phpTc5nNp
after ereg: /tmp/phpTc5nNp

 [2001-06-03 01:09 UTC] sniper@php.net
This should be fixed with PHP 4.0.6, please try the 
latest release candidate:

http://www.php.net/~andi/php-4.0.6RC2.tar.gz

-Jani

 [2001-06-05 12:49 UTC] shensche at defcom dot de
sorry to say that but it still does not work. if i replace the
double slashes, the move_uploaded_file() fun returns false
without issuing any warning. commenting out the line with
the replacement leads to the desired result. code is the
same as stated in the initial posting.
my system changed slightly (suse 6.3, linux 2.2.13, apache
1.3.9, still mysql and gd-support compiled in) but that
should not matter, should it?


cheers and thanks for your help,
 sebastian
 [2001-10-20 21:00 UTC] sniper@php.net
Sorry for late reply. Could you please explain WHY you
need to filter the double slashes out? It is not necessary.

--Jani

 [2001-10-22 07:38 UTC] shensche at defcom dot de
g'day...

sorry, i do not know anymore why i wanted to filter out the slashes. perhaps it was just a re-used routine to filter out double slashes in URLs. i just stumbled over it and wanted to tell you. do not worry too much about it. :)

 [2001-10-22 14:24 UTC] sniper@php.net
Only bug in your scripts. Not in PHP.

--Jani
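
An upload handler that avoids the failure reported in this thread, as an added example (not code from the report or from the PHP project): it hands tmp_name to move_uploaded_file() unmodified and checks the return value, since the reporter saw false returned with no warning. The function name store_upload(), the destination path and the use of the modern $_FILES/$_POST superglobals are assumptions of this example.

```php
<?php
// Added example, not code from the bug report. store_upload(), the field
// name "upload_file" and the destination path are illustrative assumptions.

/**
 * Move one uploaded file to $dest.
 * Returns true on success, otherwise a string naming the check that failed.
 */
function store_upload(array $files, string $field, string $dest)
{
    // Reject a missing field or a multi-file (array) upload.
    if (!isset($files[$field]) || !is_string($files[$field]['tmp_name'] ?? null)) {
        return 'no single file in field ' . $field;
    }
    if (($files[$field]['error'] ?? null) !== UPLOAD_ERR_OK) {
        return 'upload error code ' . var_export($files[$field]['error'] ?? null, true);
    }

    // Use tmp_name byte for byte as PHP supplied it. In the report,
    // "/tmp//phpTc5nNp" worked and the "cleaned" "/tmp/phpTc5nNp" did not,
    // although both name the same file to the operating system.
    $src = $files[$field]['tmp_name'];

    // Refuse any path that PHP does not recognise as this request's upload.
    if (!is_uploaded_file($src)) {
        return 'not an uploaded file: ' . $src;
    }
    // The thread reports a false return with no warning, so the return
    // value is the only reliable signal and must be checked.
    if (!move_uploaded_file($src, $dest)) {
        return 'move failed: ' . $src . ' -> ' . $dest;
    }
    return true;
}

if (($_POST['update'] ?? '') === '1') {
    // Fixed, server-chosen destination, as in the original script.
    $result = store_upload($_FILES, 'upload_file', __DIR__ . '/pic.jpg');
    if ($result !== true) {
        error_log('upload rejected: ' . $result);
        http_response_code(400);
    }
}
```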

Last updated: Sun Nov 19 01:31:42 2017 UTC