Adam Conrad wrote:
Ross Bemrose said:It seems to be affecting IE for Windows browsers, because they returns the uploaded file as a Windows style path (with backslashes).
I'm not sure if all fields are affected by this, but stripslashes()
is not working on $_FILES['whatever']['name'], rendering uploads useless.
Can you be a bit more specific about what behaviour you're seeing, and what you're expecting it to do? Your description's a bit vague.
... Adam
Firstly, magic_quotes_gpc seems to be turned on, because get_magic_quotes_gpc() returns 1.
I have the following code fragment in a custom upload script
if (get_magic_quotes_gpc()) {
$filename = stripslashes($_FILES['file1']['name']);
} else {
$filename = $_FILES['file1']['name'];
}
$periodpos = strrpos($filename, ".");
$basename = substr($filename, 0, $periodpos);
$file = $basename . '.mid';
$textfile = $basename . '.txt';if (!preg_match("/^[\w\-]+$/", $basename)) {
$txtError .= '<li>We only allow filenames using the alphanumeric characters plus the _ and - characters. That means <b>no spaces</b>.</li>';
}
Users have been reporting that they are receiving the error above (printed later on after other filetests are performed). However, I don't have any log of what $basename contains.
This is also affecting my phpBB2 installation. Users are receiving messages similar to "C:\\My Documents\\cards.txt is an invalid filename." when they attempt to upload files.
This problem didn't appear until I used apt-get to update php yesterday.
-- R. Bemrose Webmaster, VGMusic.com
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 2/7/2005
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
