iliaa Thu Jan 20 12:57:07 2005 EDT Modified files: (Branch: PHP_5_0) /php-src NEWS /php-src/main rfc1867.c Log: MFH: Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get cutoff).
http://cvs.php.net/diff.php/php-src/NEWS?r1=1.1760.2.200&r2=1.1760.2.201&ty=u
Index: php-src/NEWS
diff -u php-src/NEWS:1.1760.2.200 php-src/NEWS:1.1760.2.201
--- php-src/NEWS:1.1760.2.200 Thu Jan 20 09:28:56 2005
+++ php-src/NEWS Thu Jan 20 12:57:05 2005
@@ -21,6 +21,8 @@
 call_user_func_array()). (phpbugs at domain51 dot net, Dmitry)
 - Fixed bug #31142 (imap_mail_compose() fails to generate correct output). (Ilia)
 - Fixed bug #31139 (XML Parser Functions seem to drop & when parsing). (Rob)
+- Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get cutoff).
+ (Ilia)
 - Fixed bug #31111 (Compile failure of zend_strtod.c). (Derick)
 - Fixed bug #31110 (PHP 4.3.10 does not compile on Tru64 UNIX 5.1B). (Derick)
 - Fixed bug #31107 (Compile failure on Solaris 9 (Intel) and gcc 3.4.3). (Derick)
http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.159.2.6&r2=1.159.2.7&ty=u
Index: php-src/main/rfc1867.c
diff -u php-src/main/rfc1867.c:1.159.2.6 php-src/main/rfc1867.c:1.159.2.7
--- php-src/main/rfc1867.c:1.159.2.6 Sat Nov 20 15:16:27 2004
+++ php-src/main/rfc1867.c Thu Jan 20 12:57:06 2005
@@ -6,6 +6,7 @@
 +----------------------------------------------------------------------+
 | This source file is subject to version 3.0 of the PHP license, |
 | that is bundled with this package in the file LICENSE, and is |
+ | available through the world-wide-web at the following url: |
 | http://www.php.net/license/3_0.txt. |
 | If you did not receive a copy of the PHP license and are unable to |
@@ -17,7 +18,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: rfc1867.c,v 1.159.2.6 2004/11/20 20:16:27 sesser Exp $ */
+/* $Id: rfc1867.c,v 1.159.2.7 2005/01/20 17:57:06 iliaa Exp $ */
 /*
 * This product includes software developed by the Apache Group
@@ -32,6 +33,7 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/php_string.h"
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
@@ -847,7 +849,7 @@
 while (!multipart_buffer_eof(mbuff TSRMLS_CC)) {
 char buff[FILLUNIT];
- char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
+ char *cd=NULL,*param=NULL,*filename=NULL;
 int blen=0, wlen=0;
 zend_llist_clean(&header);
@@ -1077,36 +1079,16 @@
 str_len = strlen(filename);
 php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC);
 }
- s = php_mb_strrchr(filename, '\\' TSRMLS_CC);
- if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) > s) {
- s = tmp;
- }
 num_vars--;
- } else {
- s = strrchr(filename, '\\');
- if ((tmp = strrchr(filename, '/')) > s) {
- s = tmp;
- }
- }
-#else
- s = strrchr(filename, '\\');
- if ((tmp = strrchr(filename, '/')) > s) {
- s = tmp;
 }
 #endif
+ /* ensure that the uploaded file name only contains the path */
+ php_basename(filename, strlen(filename), NULL, 0, &s, NULL TSRMLS_CC);
+ efree(filename);
+ filename = s;
+
 if (!is_anonymous) {
- if (PG(magic_quotes_gpc)) {
- s = s ? s : filename;
- tmp = strrchr(s, '\'');
- s = tmp > s ? tmp : s;
- tmp = strrchr(s, '"');
- s = tmp > s ? tmp : s;
- }
- if (s && s > filename) {
- safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC);
- } else {
- safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC);
- }
+ safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC);
 }
 /* Add $foo[name] */
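Review bot: The comment added above the `php_basename()` call in the `@@ -1077` hunk says the name "only contains the path", but the call keeps the last component and discards the path; I would write `/* strip client-supplied directory components, keep only the base name */`. The removed lines cut at the last `\` or `/` on every build and used `php_mb_strrchr()` when the mbstring branch was taken, while `php_basename()` is defined outside this diff, so it is worth confirming that it still treats `\` as a separator on non-Windows builds and is safe for multibyte names whose trailing byte equals `\`. The value comes from the client's multipart request and is what the `@@ -1115` hunk now passes unchanged to `register_http_post_files_variable()`, so any directory part that survives is visible to scripts as the upload's name. The enclosing `while` body starts and ends outside these hunks.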
@@ -1115,11 +1097,7 @@
 } else {
 sprintf(lbuf, "%s[name]", param);
 }
- if (s && s > filename) {
- register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC);
- } else {
- register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
- }
+ register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
 efree(filename);
 s = NULL;