ID: 48344 Comment by: carsten_sttgt at gmx dot de Reported By: danymoussa at gmail dot com Status: Open Bug Type: *General Issues Operating System: Centos 5 PHP Version: 5.2.9 New Comment:
The Content-Type is set by your browser (or what ever UA you are using for the POST request). That's the reason for: Don't trust the "type" in $_FILES. (An UA can set this to every value it want.) In addition: If no Content-Type is set by the UA, the default is "application/octet-stream". Regards, Carsten Previous Comments: ------------------------------------------------------------------------ [2009-05-20 11:24:49] danymoussa at gmail dot com Submission error, flip actual result with expected result ------------------------------------------------------------------------ [2009-05-20 11:20:19] danymoussa at gmail dot com Description: ------------ This is a very serious problem that i never faced in php earlier version. However i tried to hack into my jpg-upload-image script and was able to do that by inserting a renamed shell script: pic1.php.jpg Reproduce code: --------------- <form action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="file"> <input type="submit" value="Upload"> </form> print_r($_FILES); Expected result: ---------------- [file] => Array ( [name] => pic.php.jpg [type] => image/jpeg [tmp_name] => /tmp/php96MEPH [error] => 0 [size] => 23052 ) Actual result: -------------- [file] => Array ( [name] => pic.php.jpg [type] => application/octet-stream [tmp_name] => /tmp/php96MEPH [error] => 0 [size] => 23052 ) ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=48344&edit=1