ID:               32232
 User updated by:  crandym2003 at yahoo dot com
 Reported By:      crandym2003 at yahoo dot com
-Status:           No Feedback
+Status:           Open
 Bug Type:         CGI related
 Operating System: Windows/Unix
 PHP Version:      4.3.10
 New Comment:

[EMAIL PROTECTED]:

Sorry, I've been unable to check my email for the past couple of
weeks.

Below is the complete script:

The first script is a php file used to capture user input. The second
script is a php file that is called by the POST to store data to mysql
and upload the file (using $_FILES).

If you enter text data into the TEXTAREA of the first script that
contains a trademark special character, the first hidden field is lost
through the POST (i.e., the variable is undefined going into the next
script).  To work around this problem, I've defined the hidden fields
at the end of the script just before </form>.  I normally define hidden
fields after the <form> statement.  

Somehow, using the special trademark character &#8482 in the body of
text in the TEXTAREA input box causes $_POST to ignore the first hidden
field.  When this happens, the second script fails because it is
looking for parameters set in the hidden field.

I have found this same problem before when other special characters are
entered.  At first, I couldn't figure out why a hidden field wasn't
being recognized on the following designated post page.

The problem exists on the latest 4.3.10 and at least as far back as
4.3.4.

I am running Internet Explorer 6.0.2900.2180 on Windows XP Professional
(Service Pack 2) with IIS.  But I've tested and found the same problem
when running under UNIX/Apache and Internet Explorer 6.0.2.2900.2180.

Hope this helps you reproduce the problem.  It has been a problem for
quite some time, but is only a problem when special characters are
entered.

Randy

+---------------------------------------------+
<?php

/*      edit_series.php
        * Functions used to support displaying administrative series
information
        * Written By:  Randy Martin
        * Date: 1/27/05
*/

// include database files and start session
include('../directory_map.php');

// check to see if user authorized to view this page
if (!check_access(4)) {
    $HTTP_SESSION_VARS['login_attempt'] = 'unauthorized';
    header("Location: login.php");
    exit;
};


// editing an existing series
// if series value is set, a series value is being passed to this page
// so we need to edit an existing record instead of create a new one
if (isset($HTTP_GET_VARS['series_id']) && $HTTP_GET_VARS['series_id'] <> '') {
                $m = get_record_array('series', 'series_id', $HTTP_GET_VARS['series_id']);
                // clean up data
                foreach($m as $key => $val) {
                        $m[$key] = trim(clean_entities($val));
                };      
                $series_id = $m['series_id'];
                $series_name = $m['series_name'];
                $series_briefdesc = $m['series_briefdesc'];
                $series_desc = $m['series_desc'];
                $series_key = $m['series_key'];
                $series_photo = '../photos/series/'.$m['series_photo'];
                $series_label = 'Series '.$series_name;
        } else {
                $series_id = '';
                $series_name = '';
                $series_key = '';
                $series_desc = '';
                $series_photo = '';
                $series_label = 'New Series';
};


include('./ssi_header.php');

?>

<SCRIPT language=javascript type=text/javascript>
function CheckForm(EditSeries){
if(EditSeries.series_name.value == ""){
    alert("EditSeries name is a required field.");
    EditSeries.series_name.focus();
    return false;
        }
        
return true
}

</SCRIPT>

<?php 

print '<form name=EditSeries action="submit_series.php" method="post" enctype="multipart/form-data" onsubmit="return CheckForm(this)">';
// hidden field variables defined below to workaround php bug

include('./ssi_navbar.php');

print '<TABLE width=100% cellspacing=0 cellpadding=0 border=0>';
print '<TBODY>';
print '<TR>';
        print '<TD>';
        print '<br>';
        print '<H2 class="Admin">&nbsp;'.$series_label.'</STRONG></H2>';
        print '</TD>';
print '</TR>';
print '</TBODY>';
print '</TABLE>';

print '<TABLE width="100%" cellspacing=0 cellpadding=0 border=0>';
  print '<TR>';
    print '<TD width=0></TD>';

    print '<TD>';
        
      print '<TABLE width="100%" cellspacing=0 cellpadding=0 border=0>';
      print '<TR>';
        print '<TD class=fieldname width="15%">Name:&nbsp;</TD>';
        print '<TD width="85%"><INPUT class=FormAdmin maxLength=40 size=57 name=series_name value="'.$series_name.'"></TD>';
      print '</TR>';

      print '<TR>';
        print '<TD class=fieldname width="15%">Initials:&nbsp;</TD>';
        print '<TD width="85%"><INPUT class=FormAdmin maxLength=10 size=10 name=series_key value="'.$series_key.'"></TD>';
      print '</TR>';

      print '<TR>';
        print '<TD class=fieldname width="15%">Brief Desc:&nbsp;</TD>';
        print '<TD width="85%"><INPUT class=FormAdmin maxLength=200 size=57 name=series_briefdesc value="'.$series_briefdesc.'"></TD>';
      print '</TR>';

      print '<TR>';
        print '<TD class=fieldname width="15%" valign="top" >Full Desc:&nbsp;</TD>';
        print '<TD width="85%"><TEXTAREA  class=FormAdmin name=series_desc rows=8 wrap=virtual cols=66>'.$series_desc.'</TEXTAREA></TD>';
      print '</TR>';

      print '<TR>';
        print '<TD class=fieldname width="15%" >Photo:&nbsp;</TD>';
        print '<TD width="85%"><input class=FormAdmin type="file" size="56" name="series_photo" value=""></TD>';
      print '</TR>';


if (is_file($series_photo)) {
        $array = get_display_size($series_photo);
        $width = $array[0];
        $height = $array[1];

        print '<TR>';
                print '<TD class=fieldname valign="top" ><input type="checkbox" name="del_photo" >Delete?&nbsp;</TD>';
                print '<TD class=formfield> <img src="'.$series_photo.'?'.rand(0,99999).'" width="'.$width.'" height="'.$height.'"></TD>';
        print '</TR>';
};

print '<TR>'; 
        print '<TD width="15%"></TD>';
        print '<TD width="85%"></TD>';
print '</TR>';

print '<TR>'; 
        print '<TD width="15%"></TD>';
        print '<TD width="85%"><BR><INPUT class=FormAdmin type="submit" value="Submit" >&nbsp;&nbsp;<button class=FormAdmin type="button" onclick="history.back()">Cancel</button></TD>';
print '</TR>';

                        print '</TABLE>';
                print '</TD>';
        print '</TR>';
print '</TABLE>';

// hidden items located here to overcome php bug when special characters are entered on form
// series below is dummy value because of bug
print '<input type="hidden" name="series" value="">';
print '<input type="hidden" name="series_id" value="'.$series_id.'">';
print '<input type="hidden" name="destination" value="'.$HTTP_SERVER_VARS['HTTP_REFERER'].'">';
print '<input type="hidden" name="MAX_FILE_SIZE" value="1000000">';

print '</form>';

include('./ssi_footer.php'); 

?>

+--------------------------------------------+

Next is the complete script which stores data to mysql and uploads the
file

+--------------------------------------------+

<?php

/*      submit_series.php
        * Used to add or modify series records
        * Written By:  Randy Martin
        * Date: 3/1/05
*/

// include database files and start session
include('../directory_map.php');

// check to see if user authorized to view this page
if (!check_access(4)) {
    $HTTP_SESSION_VARS['login_attempt'] = 'unauthorized';
    header("Location: login.php");
    exit;
};


// Add Slashes to all fields submitted from a form. 
// and set local variables with same name as form
// if magic_quotes_gpc is turned off in php.ini file
if (! get_magic_quotes_gpc()) {
        foreach($HTTP_POST_VARS as $key => $val) {
                if($val!="") { // dont process null fields
                        $HTTP_POST_VARS[$key] = addslashes($val);
                };
        };
};

// set local hidden variables passed from previous page
$series_id = $HTTP_POST_VARS['series_id'];
$series_key = $HTTP_POST_VARS['series_key'];
$series_name = $HTTP_POST_VARS['series_name'];
$series_briefdesc = $HTTP_POST_VARS['series_briefdesc'];
$series_desc = $HTTP_POST_VARS['series_desc'];
$destination = $HTTP_POST_VARS['destination'];
$image_fields = Array ('_photo');

if (isset($HTTP_POST_VARS['series_id']) && $HTTP_POST_VARS['series_id'] != '') {
        // It's an update to an existing series record
        $series_id = $HTTP_POST_VARS['series_id'];
        $query = "update series
                     set series_name = '$series_name',
                         series_key = '$series_key',
                         series_briefdesc = '$series_briefdesc',
                         series_desc = '$series_desc'
                   where series_id = $series_id";
        $result = db_query($query, 'submit_series.php');
} else {
        // It's a new series so insert into new record - mod_id automatically created
        $query = "insert into series (series_key, series_name, series_briefdesc, series_desc)
                  values ('$series_key', '$series_name', '$series_briefdesc', '$series_desc')";
        $result = db_query($query, 'submit_series.php');
        $series_id = mysql_insert_id();
};

// folder where photos are saved      
$directory = '../photos/series';
$photo_extension = 'series';
// go through the list of images and add/change or delete as necessary
foreach ($image_fields as $dbentry) {
        $entry = 'series'.$dbentry;
        $entry_filename = $photo_extension.$dbentry;
        $del_entry = 'del'.$dbentry;
        // check to see if there was an error in the upload
        $error = $_FILES[$entry]['error'];
        if ($error > 0 && $error < 4) {
                switch($error){
                        // size determined by upload_max_filesize setting in php.ini file
                        case 1: $tmp_msg = 'The file exceeded upload_max_filesize setting in the php.ini file.'; break;
                        // size determined by html file MAX_FILE_SIZE setting in hidden field
                        case 2: $tmp_msg = 'The file exceeded the MAX_FILE_SIZE setting in the html form.'; break;
                        case 3: $tmp_msg = 'The file was only partially uploaded.'; break;
                };
                $message = 'There was an error while uploading the designated file.'.'<br>';
                $message .= $tmp_msg.'<br>';
                $message .= 'The filename is: "'.$_FILES[$entry]['name'].'"<br>';
                $message .= 'Please click the link below to return to the Administration Page.<br><br>';
                $message .= '<a href="admin_series.php?series_type='.$series_type.'">Return to Article Administration Page</a>';
                log_error('submit_series.php', 'File Upload', $_FILES[$entry]['type'], $message, 'USER');
                exit;
        };
        
        if (isset($_FILES[$entry]['name']) && is_uploaded_file($_FILES[$entry]['tmp_name'])) {

                $type = $_FILES[$entry]['type'];
                // supported formats include png and jpeg image files
                // bmp and gif formats are not supported with php image creation routines
                // used to generate thumbnail images
                switch ($type) {
                        case 'image/png':   $extension = '.png'; break;
                        case 'image/x-png': $extension = '.png'; break;
                        //case 'image/bmp': $extension = '.bmp'; break;
                        case 'image/jpeg':  $extension = '.jpg'; break;
                        //case 'image/gif': $extension = '.gif'; break;
                        case 'image/pjpeg': $extension = '.jpg'; break;
                        default:
                                $extension = "";
                };
                if ($extension == "") {
                        // need to remove the file we just moved
                        $message = 'You have submitted an unsupported image file format.'.'<br>';
                        $message .= 'The unsupported filename is: "'.$_FILES[$entry]['name'].'"<br>';
                        $message .= 'Please click the link below to return to the Administration Page.<br><br>';
                        $message .= '<a href="admin_series.php?series_type='.$series_type.'">Return to Article Administration Page</a>';
                        log_error('submit_series.php', 'File Upload', $_FILES[$entry]['type'], $message, 'USER');
                        // we have an invalid file so we don't want to update the database
                        // or move any files around by continuing
                        exit;
                };

                // name of file to be stored in database
                $database_file = $series_id.'_'.$entry_filename.$extension;
                // have a supported image type which needs to be moved via. full path
                $dirfilename = $directory.'/'.$database_file;
                move_uploaded_file($_FILES[$entry]['tmp_name'], $dirfilename);

                $border = 0;

                $thumbnail_width = SERIES_WIDTH;
                $thumbnail_height = SERIES_HEIGHT;

                $filewritten = CreateThumbnail($database_file, $directory, $thumbnail_width, $thumbnail_height, $border);

                // now we can insert the new filename into the database
                $query = "update series set $entry = '$database_file' where series_id = $series_id";

                $result = db_query($query, 'submit_series.php');
        } else {
                // No new file was designated therefore need to see if delete checkbox was checked
                if (isset($HTTP_POST_VARS[$del_entry]) && $HTTP_POST_VARS[$del_entry]=='on') {
                        // first need to get the file from the database and if it exists, remove it
                        $query = "select $entry from series where series_id = $series_id";
                        $del_result = db_query($query, 'submit_series.php');
                        $del_filename = $del_result[0];
                        // remove the entry from the series table
                        $query = "update series set $entry = '' where series_id = $series_id";
                        $result = db_query($query, 'submit_series.php');
                        // need to remove the actual file

                        if ($del_filename) {
                                unlink($directory.'/'.$del_filename);
                                unlink($directory.'/tn_'.$del_filename);
                        };
                };
        };
};




header('Location: '.$HTTP_POST_VARS['destination']);

?>

+---------------------------------------------------+


Previous Comments:
------------------------------------------------------------------------

[2005-03-20 18:14:41] [EMAIL PROTECTED]

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.



------------------------------------------------------------------------

[2005-03-08 23:29:21] [EMAIL PROTECTED]

And FYI: I'd be very worried if "series_photo" ended up in
$HTTP_POST_VARS (or $_POST, which you should use too)

Uploaded file information usually goes into $_FILES..
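
The following is an added example, not code from this bug report or from PHP. It is a small Python multipart/form-data builder and parser shaped like the EditSeries submission described above (hidden fields first, a textarea carrying the trademark sign both as the literal text `&#8482;` the report shows and as raw UTF-8 bytes, then a file part). It checks that every expected field survives parsing, which is the test one would run on a captured request body to decide whether the browser or the server dropped `series_id`, and it identifies the upload by its own leading bytes rather than by the Content-Type the browser declares, the value that submit_series.php's switch on `$_FILES[...]['type']` relies on. The boundary, field values and PNG stub are constructed sample data; `build_body`, `parse_body`, `sniff_image_type`, `check_submission` and `sample_body` are names chosen for this example.

```python
import re

# Constructed boundary for the sample request; a real browser picks its own.
BOUNDARY = b"----ExampleBoundary7MA4YWxk"

# Constructed 16-byte PNG stub: the 8-byte PNG signature plus padding.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

# Leading bytes identifying the two image types the upload script accepts.
MAGIC = {"image/png": b"\x89PNG\r\n\x1a\n", "image/jpeg": b"\xff\xd8\xff"}

# Quoted parameters of a Content-Disposition header, e.g. name="series_id".
DISP_PARAM = re.compile(rb'([A-Za-z-]+)="([^"]*)"')


def build_body(fields, files, boundary=BOUNDARY):
    """Serialise (name, value) fields and (name, filename, declared_type, data)
    files as a multipart/form-data body, parts in the order given."""
    out = []
    for name, value in fields:
        out.append(b"--" + boundary + b"\r\n")
        out.append(b'Content-Disposition: form-data; name="' + name.encode() + b'"\r\n\r\n')
        out.append(value if isinstance(value, bytes) else value.encode("utf-8"))
        out.append(b"\r\n")
    for name, filename, declared_type, data in files:
        out.append(b"--" + boundary + b"\r\n")
        out.append(b'Content-Disposition: form-data; name="' + name.encode()
                   + b'"; filename="' + filename.encode() + b'"\r\n')
        out.append(b"Content-Type: " + declared_type.encode() + b"\r\n\r\n")
        out.append(data + b"\r\n")
    out.append(b"--" + boundary + b"--\r\n")
    return b"".join(out)


def parse_body(body, boundary=BOUNDARY):
    """Split a multipart body into plain fields (name -> bytes) and files
    (name -> dict). Values stay raw bytes: no charset is assumed, so a cp1252
    0x99, a UTF-8 U+2122 or the literal text '&#8482;' all pass through."""
    delimiter = b"\r\n--" + boundary
    # A leading CRLF makes the first delimiter look like every other one.
    chunks = (b"\r\n" + body).split(delimiter)
    fields, files = {}, {}
    for chunk in chunks[1:]:
        if chunk.startswith(b"--"):
            break  # closing delimiter; anything after it is epilogue
        if not chunk.startswith(b"\r\n"):
            raise ValueError("delimiter not followed by CRLF")
        head, sep, data = chunk[2:].partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("part has no blank line between headers and data")
        headers = {}
        for line in head.split(b"\r\n"):
            key, _, value = line.partition(b":")
            headers[key.strip().lower()] = value.strip()
        params = dict(DISP_PARAM.findall(headers.get(b"content-disposition", b"")))
        if b"name" not in params:
            raise ValueError("part without a field name")
        name = params[b"name"].decode()
        if b"filename" in params:
            files[name] = {"filename": params[b"filename"].decode(),
                           "declared_type": headers.get(b"content-type", b"").decode(),
                           "data": data}
        else:
            fields[name] = data
    return fields, files


def sniff_image_type(data):
    """Return 'image/png' or 'image/jpeg' from the file's own leading bytes, or
    None. The browser-declared Content-Type is deliberately not consulted."""
    for mime, magic in MAGIC.items():
        if data.startswith(magic):
            return mime
    return None


def check_submission(body, boundary=BOUNDARY,
                     expected=("series_id", "destination", "series_desc")):
    """Parse one captured request body; report which expected fields are absent
    and what the uploaded file actually is versus what it claims to be."""
    fields, files = parse_body(body, boundary)
    photo = files.get("series_photo")
    return {"missing": [n for n in expected if n not in fields],
            "fields": fields,
            "declared_type": photo["declared_type"] if photo else None,
            "sniffed_type": sniff_image_type(photo["data"]) if photo else None}


def sample_body():
    """Constructed submission in the report's field order: hidden fields, then
    the textarea with the trademark sign, then the photo."""
    desc = b"Acme&#8482; widgets, and as raw UTF-8: " + "Acme\u2122".encode("utf-8")
    return build_body(
        [("series_id", "123"),
         ("destination", "http://example.invalid/admin_series.php"),
         ("series_desc", desc)],
        [("series_photo", "logo.jpg", "image/png", PNG_STUB)])


if __name__ == "__main__":
    report = check_submission(sample_body())
    print("missing fields:", report["missing"])
    print("declared:", report["declared_type"], "sniffed:", report["sniffed_type"])
```

Run against a body captured from the browser (a proxy or a raw socket dump, with the boundary taken from the request's Content-Type header), `check_submission` shows whether `series_id` ever left the client, which separates a browser encoding problem from a server-side parsing one. Deciding the stored extension from `sniff_image_type` instead of the declared type removes the client's say in what lands under `../photos/series`.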


------------------------------------------------------------------------

[2005-03-08 23:23:37] [EMAIL PROTECTED]

I cannot reproduce this. With what browser(s) do you get this? Can you
provide a short but COMPLETE script?
(the one above does not even have a submit button, not to mention the
fact that it's not even close to being valid HTML)


------------------------------------------------------------------------

[2005-03-08 15:02:09] crandym2003 at yahoo dot com

Description:
------------
When using the POST method in a form defined with
enctype="multipart/form-data", a single defined hidden form element is
lost between form named EditSeries when submit button posts form to
submit_series.php.  This only happens when text data entered into the
TEXTAREA contains a special trademark character &#8482.  I have seen
this same bug before with other special characters.

The form "submit_series.php" should get (4) form elements in the
attached code which are: series_id, destination, series_desc,
series_photo.  Performing a dump_var $HTTP_SERVER_VAR at the beginning
of submit_series.php only shows (3) because the first form item
"series_id" is somehow lost through CGI interpretation.  This doesn't
happen unless data containing &#8482 is entered into the TEXTAREA box.

The workaround is to place all hidden entities in the form after the
TEXTAREA item or insert an extra hidden blank entity just above the
series_id entity.

This also does not happen if the enctype="multipart/form-data" is set
to text entry only.  In this case however, the form contains an input
type=file so the multipart/form-data is necessary.

Reproduce code:
---------------
<form name=EditSeries action="submit_series.php" method="post" enctype="multipart/form-data">

<input type="hidden" name="series_id" value="123">

<input type="hidden" name="destination" value="$HTTP_SERVER_VARS['HTTP_REFERER']">

<TD width="85%"><TEXTAREA  class=FormAdmin name=series_desc rows=8 wrap=virtual cols=66><?php print $series_desc ?></TEXTAREA></TD>

<TD width="85%"><input class=FormAdmin type="file" size="56" name="series_photo" value=""></TD>





Expected result:
----------------
When you run dump_vars($HTTP_SERVER_VARS) on the submit_series.php form
and print them, there should be a total of (4) form items passed, which
are: series_id, destination, series_desc, series_photo.

Actual result:
--------------
When you run dump_vars($HTTP_SERVER_VARS) on the submit_series.php form
and print them, there are a total of (3) form items passed, which are:
destination, series_desc, series_photo.

Somehow, the first defined hidden entity series_id is lost and not
defined in $HTTP_SERVER_VARS.  This only happens when a special
trademark character is entered as text data in the TEXTAREA box.

If you move the location of the hidden items somewhere in the form
"after" the TEXTAREA item, all elements are forwarded to the next page
(i.e., this is a workaround)


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32232&edit=1
