From:
Operating system: Linux
PHP version: 5.3.2
Package: PHP options/info functions
Bug Type: Feature/Change Request
Bug description: $_SERVER['PATH_INFO'] doesn't accept single quote in filename
Description:
------------
$_SERVER['PATH_INFO'] doesn't return single quote in filename.
Although single quote in filenames were used frequently in French while
using mediawiki server. But in recent versions of mediawiki (svn) we can
upload images or pdf files having quotes in their name, like "Rapport
d'activité.pdf" but we can't retrieve any more because the
$_SERVER['PATH_INFO'] is returning a question mark instead of a quote
"/6/6e/Rapport_d?activité.pdf". It has been working for years and now it
says "Access denied, you must log in".
It doesn't affect all wiki servers but only servers where access to files
is granted via the img_auth.php (which means that only logged users can
access to uploaded images).
The orginal code of img_auth.php was:
$path = $_SERVER['PATH_INFO'];
$filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );
wfDebugLog( 'img_auth', "\$path is {$path}" );
and the log output contains a question mark instead of the quote.
I decided to patch by replacing the question mark with a single quote:
$path = preg_replace('/\?/','\'', $_SERVER['PATH_INFO']);
and it works but it is not very clean.
What is wrong with having single quote in the PATH_INFO as long as
filenames can have single quote?
Many thanks for any information.
--
Edit bug report at http://bugs.php.net/bug.php?id=52293&edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=52293&r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=52293&r=trysnapshot53
Try a snapshot (trunk):
http://bugs.php.net/fix.php?id=52293&r=trysnapshottrunk
Fixed in SVN:
http://bugs.php.net/fix.php?id=52293&r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=52293&r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=52293&r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=52293&r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=52293&r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=52293&r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=52293&r=support
Expected behavior:
http://bugs.php.net/fix.php?id=52293&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=52293&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=52293&r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=52293&r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=52293&r=php4
Daylight Savings: http://bugs.php.net/fix.php?id=52293&r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=52293&r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=52293&r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=52293&r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=52293&r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=52293&r=mysqlcfg
