On Tue, June 19, 2007 5:19 am, Tim Starling wrote:
> Can someone explain the closing comment on this bug report to me?
>
> http://bugs.php.net/bug.php?id=38245
>
> Surely in an addslashes-escaped string, \\ is the Windows directory
> separator, not \.
>
> The bug clearly describes irreversible corruption of upload filenames
> by PHP. I just had a report of it in a MediaWiki context, and I can't
> believe that it wouldn't be considered a bug.

Coming in late, but there has been no response I can see so far...

You may also want to test with magic_quotes_gpc *OFF* and see if that
makes a difference.

I'm not sure why basename would be applied at all, since the browser
only sends the basename of the file anyway, no?

Perhaps, however, this is to avoid "hacks" that upload files with
bogus filenames in attempts to do evil things...

Even so, the basename should/could be applied before the magic quotes,
I should think.

On the plus side, if this bug gets people to turn OFF Magic Quotes,
that's a net gain. :-)

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
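
The ordering question raised in this thread (escaping before stripping the path versus after), as an added example that is not part of the original messages and is not PHP's own upload code. The helper names and sample filenames are hypothetical and constructed; `addslashes()` stands in for what magic_quotes_gpc applies.

```php
<?php
// Added example: models the two orderings discussed in this thread.
// It is not PHP's upload-handling code; helper names are hypothetical.

// Drop everything up to the last '/' or '\', as a Windows-aware basename
// would, regardless of the OS this script runs on.
function strip_client_path(string $name): string
{
    return preg_replace('~^.*[\\\\/]~s', '', $name);
}

// Ordering described in the bug report: escape first, then strip the path.
function escape_then_strip(string $raw): string
{
    return strip_client_path(addslashes($raw));
}

// Ordering suggested in the reply: strip the path first, then escape.
function strip_then_escape(string $raw): string
{
    return addslashes(strip_client_path($raw));
}

// Constructed client-supplied filenames (sample data, not from the report).
$samples = [
    "report.txt",
    "O'Reilly notes.txt",
    "C:\\Users\\tim\\O'Reilly notes.txt",
];

foreach ($samples as $raw) {
    $wanted = strip_client_path($raw);   // name the application expects
    // Undo the escaping the way an application would with stripslashes().
    $a = stripslashes(escape_then_strip($raw));
    $b = stripslashes(strip_then_escape($raw));
    printf("%-36s\n  escape->strip: %-22s %s\n  strip->escape: %-22s %s\n",
        $raw,
        $a, $a === $wanted ? 'ok' : 'CORRUPTED',
        $b, $b === $wanted ? 'ok' : 'CORRUPTED');
}
```

In the escape-first ordering the backslash inserted before the apostrophe is read as a directory separator, so the characters in front of it are discarded and `stripslashes()` cannot bring them back.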

-- 
PHP Internals - PHP Runtime Development Mailing List