ID:               32232
User updated by:  crandym2003 at yahoo dot com
Reported By:      crandym2003 at yahoo dot com
-Status:          No Feedback
+Status:          Open
Bug Type:         CGI related
Operating System: Windows/Unix
PHP Version:      4.3.10
New Comment:

[EMAIL PROTECTED]:

Sorry, I've been unable to check my email for the past couple of weeks. Below is the complete script:

The first script is a php file used to capture user input. The second script is a php file that is called by the POST to store data to mysql and upload the file (using $_FILES).

If you enter text data into the TEXTAREA of the first script that contains a trademark special character, the first hidden field is lost through the POST (i.e., the variable is undefined going into the next script). To work around this problem, I've defined the hidden fields at the end of the script just before </form>. I normally define hidden fields after the <form> statement.

Somehow, using the special trademark character ™ in the body of text in the TEXTAREA input box causes the $_POST to ignore the first hidden field. When this happens, the second script fails because it is looking for parameters set in the hidden field. I have found this same problem before when other special characters are entered. At first, I couldn't figure out why a hidden field wasn't being recognized on the following designated post page.

The problem exists on the latest 4.3.10 and at least as far back as 4.3.4. I am running Internet Explorer 6.0.2900.2180 on Windows XP Professional (Service Pack 2) with IIS. But I've tested and found the same problem when running under UNIX/Apache and Internet Explorer 6.0.2.2900.2180.

Hope this helps you reproduce the problem. It has been a problem for quite some time, but is only a problem when special characters are entered.

Randy

+---------------------------------------------+
<?php
/* edit_series.php
 * Functions used to support displaying administrative series information
 * Written By: Randy Martin
 * Date: 1/27/05
 */

// include database files and start session
include('../directory_map.php');

// check to see if user authorized to view this page
if (!check_access(4)) {
    $HTTP_SESSION_VARS['login_attempt'] = 'unauthorized';
    header("Location: login.php");
    exit;
};

// editing an existing series
// if series value is set, a series value is being passed to this page
// so we need to edit an existing record instead of create a new one
if (isset($HTTP_GET_VARS['series_id']) && $HTTP_GET_VARS['series_id'] <> '') {
    $m = get_record_array('series', 'series_id', $HTTP_GET_VARS['series_id']);
    // clean up data
    foreach($m as $key => $val) {
        $m[$key] = trim(clean_entities($val));
    };
    $series_id = $m['series_id'];
    $series_name = $m['series_name'];
    $series_briefdesc = $m['series_briefdesc'];
    $series_desc = $m['series_desc'];
    $series_key = $m['series_key'];
    $series_photo = '../photos/series/'.$m['series_photo'];
    $series_label = 'Series '.$series_name;
} else {
    $series_id = '';
    $series_name = '';
    $series_key = '';
    $series_desc = '';
    $series_photo = '';
    $series_label = 'New Series';
};

include('./ssi_header.php');
?>
<SCRIPT language=javascript type=text/javascript>
function CheckForm(EditSeries){
    if(EditSeries.series_name.value == ""){
        alert("EditSeries name is a required field.");
        EditSeries.series_name.focus();
        return false;
    }
    return true
}
</SCRIPT>
<?php
print '<form name=EditSeries action="submit_series.php" method="post" enctype="multipart/form-data" onsubmit="return CheckForm(this)">';
// hidden field variables defined below to workaround php bug
include('./ssi_navbar.php');
print '<TABLE width=100% cellspacing=0 cellpadding=0 border=0>';
print '<TBODY>';
print '<TR>';
print '<TD>';
print '<br>';
print '<H2 class="Admin"> '.$series_label.'</STRONG></H2>';
print '</TD>';
print '</TR>';
print '</TBODY>';
print '</TABLE>';
print '<TABLE width="100%" cellspacing=0 cellpadding=0 border=0>';
print '<TR>';
print '<TD width=0></TD>';
print '<TD>';
print '<TABLE width="100%" cellspacing=0 cellpadding=0 border=0>';
print '<TR>';
print '<TD class=fieldname width="15%">Name: </TD>';
print '<TD width="85%"><INPUT class=FormAdmin maxLength=40 size=57 name=series_name value="'.$series_name.'"></TD>';
print '</TR>';
print '<TR>';
print '<TD class=fieldname width="15%">Initials: </TD>';
print '<TD width="85%"><INPUT class=FormAdmin maxLength=10 size=10 name=series_key value="'.$series_key.'"></TD>';
print '</TR>';
print '<TR>';
print '<TD class=fieldname width="15%">Brief Desc: </TD>';
print '<TD width="85%"><INPUT class=FormAdmin maxLength=200 size=57 name=series_briefdesc value="'.$series_briefdesc.'"></TD>';
print '</TR>';
print '<TR>';
print '<TD class=fieldname width="15%" valign="top" >Full Desc: </TD>';
print '<TD width="85%"><TEXTAREA class=FormAdmin name=series_desc rows=8 wrap=virtual cols=66>'.$series_desc.'</TEXTAREA></TD>';
print '</TR>';
print '<TR>';
print '<TD class=fieldname width="15%" >Photo: </TD>';
print '<TD width="85%"><input class=FormAdmin type="file" size="56" name="series_photo" value=""></TD>';
print '</TR>';
if (is_file($series_photo)) {
    $array = get_display_size($series_photo);
    $width = $array[0];
    $height = $array[1];
    print '<TR>';
    print '<TD class=fieldname valign="top" ><input type="checkbox" name="del_photo" >Delete? </TD>';
    print '<TD class=formfield> <img src="'.$series_photo.'?'.rand(0,99999).'" width="'.$width.'" height="'.$height.'"></TD>';
    print '</TR>';
};
print '<TR>';
print '<TD width="15%"></TD>';
print '<TD width="85%"></TD>';
print '</TR>';
print '<TR>';
print '<TD width="15%"></TD>';
print '<TD width="85%"><BR><INPUT class=FormAdmin type="submit" value="Submit" > <button class=FormAdmin type="button" onclick="history.back()">Cancel</button></TD>';
print '</TR>';
print '</TABLE>';
print '</TD>';
print '</TR>';
print '</TABLE>';
// hidden items located here to overcome php bug when special characters are entered on form
// series below is dummy value because of bug
print '<input type="hidden" name="series" value="">';
print '<input type="hidden" name="series_id" value="'.$series_id.'">';
print '<input type="hidden" name="destination" value="'.$HTTP_SERVER_VARS['HTTP_REFERER'].'">';
print '<input type="hidden" name="MAX_FILE_SIZE" value="1000000">';
print '</form>';
include('./ssi_footer.php');
?>
+--------------------------------------------+

Next is the complete script which stores data to mysql and uploads the file

+--------------------------------------------+
<?php
/* submit_series.php
 * Used to add or modify series records
 * Written By: Randy Martin
 * Date: 3/1/05
 */

// include database files and start session
include('../directory_map.php');

// check to see if user authorized to view this page
if (!check_access(4)) {
    $HTTP_SESSION_VARS['login_attempt'] = 'unauthorized';
    header("Location: login.php");
    exit;
};

// Add Slashes to all fields submitted from a form.
// and set local variables with same name as form
// if magic_quotes_gpc is turned off in php.ini file
if (!get_magic_quotes_gpc()) {
    foreach($HTTP_POST_VARS as $key => $val) {
        if($val!="") { // dont process null fields
            $HTTP_POST_VARS[$key] = addslashes($val);
        };
    };
};

// set local hidden variables passed from previous page
$series_id = $HTTP_POST_VARS['series_id'];
$series_key = $HTTP_POST_VARS['series_key'];
$series_name = $HTTP_POST_VARS['series_name'];
$series_briefdesc = $HTTP_POST_VARS['series_briefdesc'];
$series_desc = $HTTP_POST_VARS['series_desc'];
$destination = $HTTP_POST_VARS['destination'];
$image_fields = Array ('_photo');

if (isset($HTTP_POST_VARS['series_id']) && $HTTP_POST_VARS['series_id']!='') {
    // It's an update to an existing series record
    $series_id = $HTTP_POST_VARS['series_id'];
    $query = "update series set series_name = '$series_name', series_key = '$series_key', series_briefdesc = '$series_briefdesc', series_desc = '$series_desc' where series_id = $series_id";
    $result = db_query($query, 'submit_series.php');
} else {
    // It's a new series so insert into new record - mod_id automatically created
    $query = "insert into series (series_key, series_name, series_briefdesc, series_desc) values ('$series_key', '$series_name', '$series_briefdesc', '$series_desc')";
    $result = db_query($query, 'submit_series.php');
    $series_id = mysql_insert_id();
};

// folder where photos are saved
$directory = '../photos/series';
$photo_extension = 'series';

// go through the list of images and add/change or delete as necessary
foreach ($image_fields as $dbentry) {
    $entry = 'series'.$dbentry;
    $entry_filename = $photo_extension.$dbentry;
    $del_entry = 'del'.$dbentry;

    // check to see if there was an error in the upload;
    $error = $_FILES[$entry]['error'];
    if ($error > 0 && $error < 4) {
        switch($error){
            // size determine by upload_max_filesize setting in php.ini file
            case 1: $tmp_msg = 'The file exceeded upload_max_filesize setting in the php.ini file.'; break;
            // size determine by html file MAX_FILE_SIZE setting in hidden field
            case 2: $tmp_msg = 'The file exceeded the MAX_FILE_SIZE setting in the html form.'; break;
            case 3: $tmp_msg = 'Tile file was only partially uploaded.'; break;
        };
        $message = 'There was an error while uploading the designated file.'.'<br>';
        $message .= $tmp_msg.'<br>';
        $message .= 'The filename is: "'.$_FILES[$entry]['name'].'"<br>';
        $message .= 'Please click the link below to return to the Administration Page.<br><br>';
        $message .= '<a href="admin_series.php?series_type='.$series_type.'">Return to Article Administration Page</a>';
        log_error('submit_series.php', 'File Upload', $_FILES[$entry]['type'], $message, 'USER');
        exit;
    };

    if ( (isset($_FILES[$entry]['name']) && is_uploaded_file($_FILES[$entry]['tmp_name']))) {
        $type = $_FILES[$entry]['type'];
        // supported formats include png and jpeg image files
        // bmp and gif formats are not supported with php image creation routines
        // used to generate thumbnail images
        switch ($type) {
            case 'image/png': $extension = '.png';break;
            case 'image/x-png': $extension = '.png';break;
            //case 'image/bmp': $extension = '.bmp';break;
            case 'image/jpeg': $extension = '.jpg';break;
            //case 'image/gif': $extension = '.gif';break;
            case 'image/pjpeg': $extension = '.jpg';break;
            default: $extension = "";
        };
        if ($extension == "") {
            // need to remove the file we just moved
            $message = 'You have submitted an unsupported image file format.'.'<br>';
            $message .= 'The unsupported filename is: "'.$_FILES[$entry]['name'].'"<br>';
            $message .= 'Please click the link below to return to the Administration Page.<br><br>';
            $message .= '<a href="admin_series.php?series_type='.$series_type.'">Return to Article Administration Page</a>';
            log_error('submit_series.php', 'File Upload', $_FILES[$entry]['type'], $message, 'USER');
            // we have an invalid file so we don't want to update the database
            // or move any files around by continuing
            exit;
        };
        // name of file to be stored in database
        $database_file = $series_id.'_'.$entry_filename.$extension;
        // have a supported image type which needs to be moved via. full path
        $dirfilename = $directory.'/'.$database_file;
        move_uploaded_file($_FILES[$entry]['tmp_name'], $dirfilename);
        $border = 0;
        $thumbnail_width = SERIES_WIDTH;
        $thumbnail_height = SERIES_HEIGHT;
        $filewritten = CreateThumbnail($database_file, $directory, $thumbnail_width, $thumbnail_height, $border);
        // now we can insert the new filename into the database
        $query = "update series set $entry = '$database_file' where series_id = $series_id";
        $result = db_query($query, 'submit_series.php');
    } else {
        // No new file was designated therefore need to see if delete checkbox was checked
        if (isset($HTTP_POST_VARS[$del_entry]) && $HTTP_POST_VARS[$del_entry]=='on') {
            // first need to get the file from the database and if it exists, remove it
            $query = "select $entry from series where series_id = $series_id";
            $del_result = db_query($query, 'submit_series.php');
            $del_filename = $del_result[0];
            // remove the entry from the series table
            $query = "update series set $entry = '' where series_id = $series_id";
            $result = db_query($query, 'submit_series.php');
            // need to remove the actual file
            if ($del_filename) {
                unlink($directory.'/'.$del_filename);
                unlink($directory.'/tn_'.$del_filename);
            };
        };
    };
};
header('Location: '.$HTTP_POST_VARS['destination']);
?>
+---------------------------------------------------+


Previous Comments:
------------------------------------------------------------------------

[2005-03-20 18:14:41] [EMAIL PROTECTED]

No feedback was provided. The bug is being suspended because we assume that you are no longer experiencing the problem. If this is not the case and you are able to provide the information that was requested earlier, please do so and change the status of the bug back to "Open". Thank you.

------------------------------------------------------------------------

[2005-03-08 23:29:21] [EMAIL PROTECTED]

And FYI: I'd be very worried if "series_photo" ended up in $HTTP_POST_VARS (or $_POST, which you should use too)
Uploaded file information usually goes into $_FILES..

------------------------------------------------------------------------

[2005-03-08 23:23:37] [EMAIL PROTECTED]

I can not reproduce this. With what browser(s) do you get this?
Can you anyhow provide a short but COMPLETE script? (the one above does not have even a submit button, not to mention the fact that it's not even close being valid HTML)

------------------------------------------------------------------------

[2005-03-08 15:02:09] crandym2003 at yahoo dot com

Description:
------------
When using the POST method in a form defined with enctype="multipart/form-data", a single defined hidden form element is lost between form named EditSeries when submit button posts form to submit_series.php. This only happens when text data entered into the TEXTAREA contains a special trademark character ™. I have seen this same bug before with other special characters.

The form "submit_series.php" should get (4) form elements in the attached code which are: series_id, destination, series_desc, series_photo.

Performing a dump_var $HTTP_SERVER_VAR at the beginning of submit_series.php only shows (3) because the first form item "series_id" is somehow lost through CGI interpretation. This doesn't happen unless data containing ™ is entered into the TEXTAREA box.

The workaround is to place all hidden entities in the form after the TEXTAREA item or insert an extra hidden blank entity just above the series_id entity.

This also does not happen if the enctype="multipart/form-data" is set to text entry only. In this case however, the form contains an input type=file so the multipart/form-data is necessary.

Reproduce code:
---------------
<form name=EditSeries action="submit_series.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="series_id" value="123">
<input type="hidden" name="destination" value="$HTTP_SERVER_VARS['HTTP_REFERER']">
<TD width="85%"><TEXTAREA class=FormAdmin name=series_desc rows=8 wrap=virtual cols=66><?php print $series_desc ?></TEXTAREA></TD>
<TD width="85%"><input class=FormAdmin type="file" size="56" name="series_photo" value=""></TD>

Expected result:
----------------
When you run dump_vars($HTTP_SERVER_VARS) on the submit_series.php form and print them, there should be a total of (4) form items passed which are: series_id, destination, series_desc, series_photo.

Actual result:
--------------
When you run dump_vars($HTTP_SERVER_VARS) on the submit_series.php form and print them, there are a total of (3) form items passed which are: destination, series_desc, series_photo.

Somehow, the first defined hidden entity series_id is lost and not defined in $HTTP_SERVER_VARS. This only happens when a special trademark character is entered as text data in the TEXTAREA box. If you move the location of the hidden items somewhere in the form "after" the TEXTAREA item, all elements are forwarded to the next page (i.e., this is a workaround)

------------------------------------------------------------------------

-- 
Edit this bug report at http://bugs.php.net/?id=32232&edit=1
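
A browser-independent way to replay the form from the report, as an added example that is not part of the original thread: it builds the multipart/form-data body byte for byte with the ™ in the textarea, in either Windows-1252 or UTF-8, and lists the part names a parser should recover. The boundary string, the destination URL and the sample text are constructed, and that the character encoding plays a role is an assumption the thread does not establish.

```python
# Added example: replay the EditSeries form from this report without a browser.
import re

BOUNDARY = "----constructed32232"  # constructed boundary string
# Same order as the "Reproduce code" form: hidden fields, then the textarea.
FIELDS = [
    ("series_id", "123"),
    ("destination", "http://localhost/admin_series.php"),  # constructed referer
    ("series_desc", "Widget\u2122 series"),  # constructed text with U+2122 (TM)
]


def build_body(charset):
    """Return the multipart/form-data body with text fields in `charset`."""
    out = []
    for name, value in FIELDS:
        head = '--%s\r\nContent-Disposition: form-data; name="%s"\r\n\r\n' % (BOUNDARY, name)
        out.append(head.encode("ascii") + value.encode(charset) + b"\r\n")
    # File input left empty, as a browser sends it when no file is chosen.
    head = ('--%s\r\nContent-Disposition: form-data; name="series_photo"; '
            'filename=""\r\nContent-Type: application/octet-stream\r\n\r\n' % BOUNDARY)
    out.append(head.encode("ascii") + b"\r\n")
    out.append(("--%s--\r\n" % BOUNDARY).encode("ascii"))
    return b"".join(out)


def field_names(body):
    """Split on the boundary and return the part names in wire order."""
    names = []
    for part in body.split(("--" + BOUNDARY).encode("ascii")):
        match = re.search(rb'name="([^"]*)"', part)
        if match:
            names.append(match.group(1).decode("ascii"))
    return names


if __name__ == "__main__":
    for charset in ("cp1252", "utf-8"):  # TM is 0x99 in cp1252, E2 84 A2 in UTF-8
        body = build_body(charset)
        with open("body_%s.bin" % charset, "wb") as fh:
            fh.write(body)
        print(charset, len(body), field_names(body))
```

POST either generated file to submit_series.php with the header `Content-Type: multipart/form-data; boundary=----constructed32232` and compare the keys PHP reports against the four names printed here.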