iliaa Thu Jan 20 12:44:58 2005 EDT Modified files: /php-src/main rfc1867.c Log: Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get cutoff). http://cvs.php.net/diff.php/php-src/main/rfc1867.c?r1=1.165&r2=1.166&ty=u Index: php-src/main/rfc1867.c diff -u php-src/main/rfc1867.c:1.165 php-src/main/rfc1867.c:1.166 --- php-src/main/rfc1867.c:1.165 Sat Nov 20 13:49:36 2004 +++ php-src/main/rfc1867.c Thu Jan 20 12:44:58 2005 @@ -6,6 +6,7 @@ +----------------------------------------------------------------------+ | This source file is subject to version 3.0 of the PHP license, | | that is bundled with this package in the file LICENSE, and is | + | available through the world-wide-web at the following url: | | http://www.php.net/license/3_0.txt. | | If you did not receive a copy of the PHP license and are unable to | @@ -17,7 +18,7 @@ +----------------------------------------------------------------------+ */ -/* $Id: rfc1867.c,v 1.165 2004/11/20 18:49:36 sesser Exp $ */ +/* $Id: rfc1867.c,v 1.166 2005/01/20 17:44:58 iliaa Exp $ */ /* * This product includes software developed by the Apache Group @@ -32,6 +33,7 @@ #include "php_globals.h" #include "php_variables.h" #include "rfc1867.h" +#include "ext/standard/php_string.h" #define DEBUG_FILE_UPLOAD ZEND_DEBUG @@ -847,7 +849,7 @@ while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; + char *cd=NULL,*param=NULL,*filename=NULL; int blen=0, wlen=0; zend_llist_clean(&header); 
@@ -1077,37 +1079,16 @@ str_len = strlen(filename); php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC); } - s = php_mb_strrchr(filename, '\\' TSRMLS_CC); - if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) > s) { - s = tmp; - } num_vars--; - } else { - s = strrchr(filename, '\\'); - if ((tmp = strrchr(filename, '/')) > s) { - s = tmp; - } - } -#else - s = strrchr(filename, '\\'); - if ((tmp = strrchr(filename, '/')) > s) { - s = tmp; } #endif - + /* ensure that the uploaded file name only contains the path */ + php_basename(filename, strlen(filename), NULL, 0, &s, NULL TSRMLS_CC); + efree(filename); + filename = s; + if (!is_anonymous) { - if (PG(magic_quotes_gpc)) { - s = s ? s : filename; - tmp = strrchr(s, '\''); - s = tmp > s ? tmp : s; - tmp = strrchr(s, '"'); - s = tmp > s ? tmp : s; - } - if (s && s > filename) { - safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); - } else { - safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); - } + safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC); } /* Add $foo[name] */ @@ -1116,11 +1097,7 @@ } else { sprintf(lbuf, "%s[name]", param); } - if (s && s > filename) { - register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC); - } else { - register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); - } + register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC); efree(filename); s = NULL;
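Review bot: Replacing the explicit `strrchr(filename, '\\')` / `strrchr(filename, '/')` pair with `php_basename()` in the first hunk makes separator handling depend on a helper defined outside this diff, whereas the removed code treated both characters as separators on every platform. If `php_basename()` honours `\` only on Windows builds, a client-supplied name of the form `C:\dir\file.txt` (constructed example) would keep its directory part elsewhere. It would then reach both the variable set by `safe_php_register_variable` and the `[name]` entry set by `register_http_post_files_variable`. This should be confirmed and pinned with a regression test covering names that contain `\`, `/`, `'` and `"`. The new comment also says the opposite of what the code does; I would write `/* keep only the base name of the client-supplied file name; any directory part is dropped */`. After `filename = s;` both pointers refer to the same allocation until `s = NULL;` in the second hunk, so the single `efree(filename)` there is correct, but the aliasing deserves a one-line comment; the enclosing loop body starts and ends outside these hunks.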