iliaa           Thu Jan 20 12:57:07 2005 EDT

  Modified files:              (Branch: PHP_5_0)
    /php-src    NEWS 
    /php-src/main       rfc1867.c 
  Log:
  MFH: Fixed bug #31398 (When magic_quotes_gpc is enabled, filenames with ' 
  get cut off).
  
  
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.200&r2=1.1760.2.201&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.200 php-src/NEWS:1.1760.2.201
--- php-src/NEWS:1.1760.2.200   Thu Jan 20 09:28:56 2005
+++ php-src/NEWS        Thu Jan 20 12:57:05 2005
@@ -21,6 +21,8 @@
   call_user_func_array()). (phpbugs at domain51 dot net, Dmitry)
 - Fixed bug #31142 (imap_mail_compose() fails to generate correct output). 
(Ilia)
 - Fixed bug #31139 (XML Parser Functions seem to drop & when parsing). 
(Rob)
+- Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get 
cutoff).
+  (Ilia)
 - Fixed bug #31111 (Compile failure of zend_strtod.c). (Derick)
 - Fixed bug #31110 (PHP 4.3.10 does not compile on Tru64 UNIX 5.1B). (Derick)
 - Fixed bug #31107 (Compile failure on Solaris 9 (Intel) and gcc 3.4.3). 
(Derick)
http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.159.2.6&r2=1.159.2.7&ty=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.159.2.6 php-src/main/rfc1867.c:1.159.2.7
--- php-src/main/rfc1867.c:1.159.2.6    Sat Nov 20 15:16:27 2004
+++ php-src/main/rfc1867.c      Thu Jan 20 12:57:06 2005
@@ -6,6 +6,7 @@
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.0 of the PHP license,       |
    | that is bundled with this package in the file LICENSE, and is        |
+
    | available through the world-wide-web at the following url:           |
    | http://www.php.net/license/3_0.txt.                                  |
    | If you did not receive a copy of the PHP license and are unable to   |
@@ -17,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: rfc1867.c,v 1.159.2.6 2004/11/20 20:16:27 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.159.2.7 2005/01/20 17:57:06 iliaa Exp $ */
 
 /*
  *  This product includes software developed by the Apache Group
@@ -32,6 +33,7 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/php_string.h"
 
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
 
@@ -847,7 +849,7 @@
        while (!multipart_buffer_eof(mbuff TSRMLS_CC))
        {
                char buff[FILLUNIT];
-               char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
+               char *cd=NULL,*param=NULL,*filename=NULL;
                int blen=0, wlen=0;
 
                zend_llist_clean(&header);
@@ -1077,36 +1079,16 @@
                                        str_len = strlen(filename);
                                        
php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC);
                                }
-                               s = php_mb_strrchr(filename, '\\' TSRMLS_CC);
-                               if ((tmp = php_mb_strrchr(filename, '/' 
TSRMLS_CC)) > s) {
-                                       s = tmp;
-                               }
                                num_vars--;
-                       } else {
-                               s = strrchr(filename, '\\');
-                               if ((tmp = strrchr(filename, '/')) > s) {
-                                       s = tmp;
-                               }
-                       }
-#else
-                       s = strrchr(filename, '\\');
-                       if ((tmp = strrchr(filename, '/')) > s) {
-                               s = tmp;
                        }
 #endif
+                       /* ensure that the uploaded file name only contains the 
path */
+                       php_basename(filename, strlen(filename), NULL, 0, &s, 
NULL TSRMLS_CC);
+                       efree(filename);
+                       filename = s;
+
                        if (!is_anonymous) {
-                               if (PG(magic_quotes_gpc)) {
-                                       s = s ? s : filename;
-                                       tmp = strrchr(s, '\'');
-                                       s = tmp > s ? tmp : s;
-                                       tmp = strrchr(s, '"');
-                                       s = tmp > s ? tmp : s;
-                               }
-                               if (s && s > filename) {
-                                       safe_php_register_variable(lbuf, s+1, 
NULL, 0 TSRMLS_CC);
-                               } else {
-                                       safe_php_register_variable(lbuf, 
filename, NULL, 0 TSRMLS_CC);
-                               }
+                               safe_php_register_variable(lbuf, filename, 
NULL, 0 TSRMLS_CC);
                        }
 
                        /* Add $foo[name] */
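Review bot: The removed code treated both `\` and `/` as path separators on every platform, and used php_mb_strrchr() when mbstring encoding translation was active, so the single php_basename() call added after `#endif` should be confirmed to do the same; its implementation is not visible in this diff. If it splits only on `/` on non-Windows builds, or is not multibyte-aware, a client-supplied name of the form `C:\dir\file.txt` would reach `$_FILES[...]['name']` with its directory part intact, which matters to any application that builds a destination path from that value. The new comment also says the opposite of what the code does; `/* strip client-supplied directory components; keep only the base name */` would be accurate. The enclosing loop body starts and ends outside this hunk.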
@@ -1115,11 +1097,7 @@
                        } else {
                                sprintf(lbuf, "%s[name]", param);
                        }
-                       if (s && s > filename) {
-                               register_http_post_files_variable(lbuf, s+1, 
http_post_files, 0 TSRMLS_CC);
-                       } else {
-                               register_http_post_files_variable(lbuf, 
filename, http_post_files, 0 TSRMLS_CC);
-                       }
+                       register_http_post_files_variable(lbuf, filename, 
http_post_files, 0 TSRMLS_CC);
                        efree(filename);
                        s = NULL;
        
