Edit report at https://bugs.php.net/bug.php?id=53929&edit=1
ID: 53929
Comment by: mf_peppa at yahoo dot com
Reported by: dungar at kabia dot fr
Summary: no-temporary name for a uploaded file
Status: Open
Type: Bug
Package: Filesystem function related
Operating System: debian
PHP Version: 5.3.5
Block user comment: N
Private report: N
New Comment:
same problem (mac os lion, php 5.3.6)
Previous Comments:
------------------------------------------------------------------------
[2011-02-04 19:25:09] dungar at kabia dot fr
Description:
------------
The function :is_uploaded_file return every time false.
(for a classical upload)
For find the file i must edit the path :
$file['file']['tmp_name']
by this path :
dirname($file['file']['tmp_name']).'/'.$file['file']['name']
The file of the tmp_name wasn't changed, and the uploaded name is used.
(May be dangerous for include attack ?)
Test script:
---------------
$oForms_File = new Forms_File();
if ( $oForms_File->isValid($_POST) ) {
$fFile = $oForms_File->getValue('file');
$adapter = new Zend_File_Transfer_Adapter_Http();
$adapter->setDestination(CORE_APP_DIR.DS.'modules'.DS.'bugtracking'.DS.'files','test.todel');
;
$file = $adapter->getFileInfo('file');
echo
file_get_contents(dirname($file['file']['tmp_name']).'/'.$file['file']['name']);exit;
test($file);
test($_FILES);
test( is_uploaded_file($_FILES['file']['tmp_name']) );
test($adapter->receive());
test($adapter->getMessages());
function ScanDirectory($Directory){
$MyDirectory = opendir($Directory) or die('Erreur');
while($Entry = @readdir($MyDirectory)) {
if(is_dir($Directory.'/'.$Entry)&& $Entry != '.' && $Entry !=
'..') {
echo '<ul>'.$Directory;
ScanDirectory($Directory.'/'.$Entry);
echo '</ul>';
}
else {
echo '<li>'.$Entry.'</li>';
}
}
closedir($MyDirectory);
}
ScanDirectory('/webdata/n/q/7a8fwoym65pts9/vbi3und15xa44wgw/php_upload');
<?php
class Forms_File extends Zend_Form {
public function __construct($options = null) {
parent::__construct($options);
// setting Form name, Form action and Form Ecryption type
$this->setName('file');
/*
$this->setAction($this->view->url(
array(
'module' =>
Zend_Controller_Front::getInstance()->getRequest()->getParam('module'),
'controller'=> 'files',
'action' => 'upload',
'id' =>
Zend_Controller_Front::getInstance()->getRequest()->getParam('id'),
), $this->routes['crud-action-controller-id'],
true)
);
*/
$this->setAttrib('enctype', 'multipart/form-data');
// creating object for Zend_Form_Element_File
$doc_file = new Zend_Form_Element_File('file');
$doc_file//->setLabel('Document File Path')
->setRequired(true);
// creating object for submit button
$submit = new Zend_Form_Element_Submit('submit');
$submit->setLabel('Upload File')
->setAttrib('id', 'submitbutton');
// adding elements to form Object
$this->addElements(array($doc_file, $submit));
}
}
<?php echo $this->oForm; ?>
Expected result:
----------------
test( is_uploaded_file($_FILES['file']['tmp_name']) ); => true
Actual result:
--------------
test( is_uploaded_file($_FILES['file']['tmp_name']) ); => false
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=53929&edit=1
