#33918 [NEW]: File uploads: apostrophes cause filename to be incorrectly reported

Fri, 29 Jul 2005 06:08:42 -0700 

From:             lewis dot peckover at m-w dot co dot uk
Operating system: all?
PHP version:      5.0.4
PHP Bug Type:     Unknown/Other Function
Bug description:  File uploads: apostrophes cause filename to be incorrectly 
reported

Description:
------------
Any file uploaded that has a name containing an apostrophe ('), eg
foo'bar.txt, will be incorrectly named in the $_FILES array. It will
ignore all characters up to and including the apostrophe.

  foo'bar.txt  ->  bar.txt

Tested on PHP 4.3.10/Apache/FreeBSD 5.3 and PHP 5.0.4/IIS/Windows 2003.

Reproduce code:
---------------
<html>
<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"
enctype="multipart/form-data">
<input type="file" name="file"><input type="submit">
</form>
<pre>
<?php
print_r($_FILES);
?></pre>
</body>
</html>


Expected result:
----------------
Array
(
    [file] => Array
        (
            [name] => foo'bar.txt
            [type] => text/plain
            [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp
            [error] => 0
            [size] => 9
        )

)

Actual result:
--------------
Array
(
    [file] => Array
        (
            [name] => bar.txt
            [type] => text/plain
            [tmp_name] => d:\PHP\uploadtemp\php9B1.tmp
            [error] => 0
            [size] => 9
        )

)



-- 
Edit bug report at http://bugs.php.net/?id=33918&edit=1
-- 
Try a CVS snapshot (php4):   http://bugs.php.net/fix.php?id=33918&r=trysnapshot4
Try a CVS snapshot (php5.0): 
http://bugs.php.net/fix.php?id=33918&r=trysnapshot50
Try a CVS snapshot (php5.1): 
http://bugs.php.net/fix.php?id=33918&r=trysnapshot51
Fixed in CVS:                http://bugs.php.net/fix.php?id=33918&r=fixedcvs
Fixed in release:            http://bugs.php.net/fix.php?id=33918&r=alreadyfixed
Need backtrace:              http://bugs.php.net/fix.php?id=33918&r=needtrace
Need Reproduce Script:       http://bugs.php.net/fix.php?id=33918&r=needscript
Try newer version:           http://bugs.php.net/fix.php?id=33918&r=oldversion
Not developer issue:         http://bugs.php.net/fix.php?id=33918&r=support
Expected behavior:           http://bugs.php.net/fix.php?id=33918&r=notwrong
Not enough info:             
http://bugs.php.net/fix.php?id=33918&r=notenoughinfo
Submitted twice:             
http://bugs.php.net/fix.php?id=33918&r=submittedtwice
register_globals:            http://bugs.php.net/fix.php?id=33918&r=globals
PHP 3 support discontinued:  http://bugs.php.net/fix.php?id=33918&r=php3
Daylight Savings:            http://bugs.php.net/fix.php?id=33918&r=dst
IIS Stability:               http://bugs.php.net/fix.php?id=33918&r=isapi
Install GNU Sed:             http://bugs.php.net/fix.php?id=33918&r=gnused
Floating point limitations:  http://bugs.php.net/fix.php?id=33918&r=float
No Zend Extensions:          http://bugs.php.net/fix.php?id=33918&r=nozend
MySQL Configuration Error:   http://bugs.php.net/fix.php?id=33918&r=mysqlcfg

Reply via email to