Req #52293 [Opn->Bgs]: $_SERVER['PATH_INFO'] doesn't accept single quote in filename

Thu, 15 Jul 2010 22:18:37 -0700 

Edit report at http://bugs.php.net/bug.php?id=52293&edit=1

 ID:               52293
 Updated by:       ahar...@php.net
 Reported by:      brouard at ined dot fr
 Summary:           $_SERVER['PATH_INFO'] doesn't accept single quote in
                   filename
-Status:           Open
+Status:           Bogus
 Type:             Feature/Change Request
 Package:          PHP options/info functions
 Operating System: Linux
 PHP Version:      5.3.2

 New Comment:

PHP gets the value of PATH_INFO from the Web server, so it's much more

likely to be a problem there.


Previous Comments:
------------------------------------------------------------------------
[2010-07-11 01:10:46] jinmoku at hotmail dot com

use utf8_(de|en)code, it's the browser and/or the server who's write
this

------------------------------------------------------------------------
[2010-07-08 20:41:27] brouard at ined dot fr

Description:
------------
 $_SERVER['PATH_INFO'] doesn't return single quote in filename.

Although single quote in filenames were used frequently in French while
using mediawiki server. But in recent versions of mediawiki (svn) we can
upload images or pdf files having quotes in their name, like "Rapport
d'activité.pdf" but we can't retrieve any more because the
$_SERVER['PATH_INFO'] is returning a question mark instead of a quote
"/6/6e/Rapport_d?activité.pdf". It has been working for years and now
it says "Access denied, you must log in".



It doesn't affect all wiki servers but only servers where access to
files is granted via the img_auth.php (which means that only logged
users can access to uploaded images).



The orginal code of img_auth.php was:

  $path = $_SERVER['PATH_INFO'];

  $filename = realpath( $wgUploadDirectory . $_SERVER['PATH_INFO'] );

  wfDebugLog( 'img_auth', "\$path is {$path}" );



and the log output contains a question mark instead of the quote.



I decided to patch by replacing the question mark with a single quote:

 

 $path = preg_replace('/\?/','\'', $_SERVER['PATH_INFO']);



and it works but it is not very clean.



What is wrong with having single quote in the PATH_INFO as long as
filenames can have single quote?



Many thanks for any information.

 







------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52293&edit=1

Reply via email to