Edit report at http://bugs.php.net/bug.php?id=23595&edit=1
ID: 23595 Comment by: zalim_gulum_01 at hotmail dot com Reported by: shb at widearea dot co dot uk Summary: File upload problems with arrays in HTML INPUT tags and register variables Status: Wont fix Type: Bug Package: Variables related Operating System: Linux and Solaris PHP Version: 4.3.2RC3 Block user comment: N Private report: N New Comment: <HTML><HEAD> <META content="text/html; charset=iso-8859-9" http-equiv=Content-Type> <META name=GENERATOR content="MSHTML 8.00.6001.19019"></HEAD> <BODY><BR><BR><BR><BR><BR><BR><BR><BR> <H1 style="TEXT-ALIGN: center; FONT-FAMILY: Verdana; COLOR: red">BU SÄ°TEYE ERÄ°ÅÄ°M HACKED BY Ä°BO // 1923TÃRK-GRUP KARARIYLA ENGELLENMÄ°ÅTÄ°R. </H1> <DIV style="TEXT-ALIGN: center"></DIV></BODY></HTML> Previous Comments: ------------------------------------------------------------------------ [2003-05-23 03:19:46] shb at widearea dot co dot uk We all know that things could be changed and as systems are updated they are changed. However, we are presented with thousands lines of code written for register globals. We cannot update to the 4.3.* series as long as this bug exists and we are not the only ones effected. If you could give a hint where the bug is, I will look at it. After all this is a piece of code which worked in version < 4.3.1 Simon. ------------------------------------------------------------------------ [2003-05-22 17:50:45] sni...@php.net This is due to fixing some other bug and for the compromise between having either that not fixed or this. It's much safer and recommended that you use the $_FILES and $_POST variables always anyway. ------------------------------------------------------------------------ [2003-05-12 12:38:30] shb at widearea dot co dot uk Assuming you have register variables enabled. With 4.3.1, when you post from this HTML <HTML> <BODY><H1>filename and extra</H1> <FORM METHOD="POST" ACTION="test.php" ENCTYPE="multipart/form-data"> <INPUT TYPE="FILE" NAME="fields[filename]"> <INPUT TYPE="HIDDEN" NAME="fields[extra]" VALUE="fred"> <INPUT TYPE="SUBMIT"> </FORM> </BODY> </HTML> to this: <?php var_dump($fields) ; ?> you get this: array(1) { ["extra"]=> string(4) "fred" } If you use this HTML: <HTML> <BODY><H1>filename </H1> <FORM METHOD="POST" ACTION="test.php" ENCTYPE="multipart/form-data"> <INPUT TYPE="FILE" NAME="fields[filename]"> <INPUT TYPE="SUBMIT"> </FORM> </BODY> </HTML> you get this: array(1) { ["filename"]=> string(14) "/tmp/phpSsMqed" } If you use the first file on PHP 4.2.3 you get the response which we believe is correct which is: array(2) { ["filename"]=> string(18) "/var/tmp/php7xaWYL" ["extra"]=> string(4) "fred" } The bug occurs on both our Linux RH 8.0 and Solaris 7/8 systems. We have not tried 4.3.2 pre-releases -- it has taken us long enough to find the problem! There are similar bug reports on old versions but we think that the transition from 4.2.3 to 4.3.1 has changed something. Regards, Simon. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=23595&edit=1