#30683 [Opn]: Change in behavious of FILES array between 4.3.6 and 4.3.7_3
ID: 30683 User updated by: bugs at bsdfirst dot com Reported By: bugs at bsdfirst dot com Status: Open -Bug Type: Zend Engine 2 problem +Bug Type: Feature/Change Request Operating System: FreeBSD PHP Version: Irrelevant New Comment: I have just confirmed that 4.3.9 also behaves in the same manner as 4.3.7_3. It would appear that this was a bug fix to prevent a security exploit (use paths containing ../). I wonder if there shouldn't be a way to obtain the contents of a INPUT type=file field in it's entirety? Particually since you cannot use php://input whilst POSTing a mulipart mime form. This could either be another entry in the $_FILES array, for example $_FILES['pic']['orig_path'] or $_FILES['pic']['name'] could check for '^http:||ftp:'. The former is probably the most compatible and the least security risk (a user could not accidentally use it - they would have to make a deliberate choice). What are the chances of having something like that added into the 4 series? With all of this in mind I have changed the category of this report to Feature Request. Thanks, Patrick Previous Comments: [2004-11-04 06:11:17] bugs at bsdfirst dot com Description: Hi, I have two FreeBSD servers detailed as follows: lassa: FreeBSD 4.10-STABLE php4-4.3.7_3 apache+mod_ssl+mod_deflate-1.3.31+2.8.18+1.3.14.12+1.0.21_4 honk: FreeBSD 4.9-RELEASE php4-4.3.6 apache+mod_ssl+mod_deflate-1.3.29+2.8.16+1.0.20_3 I am using a HTML form (enctype=multipart/form-data) to upload image files to each server. On the server honk I am using the function isurlorfile to allow the user to type a URL instead of selecting a file in the INPUT type=file box. Selecting a file for upload works correctly in both cases. C:\Pics\test.png yields the following the in $_FILES array: honk lassa: $_FILES['pic']['name'] contains 'test.png' However entering a URL only works on the server honk. Entering the URL http://localhost/test.png into the INPUT type=file box on the form yields the following results in the $_FILES array: honk: $_FILES['pic']['name'] contains 'http://localhost/test.png' lassa: $_FILES['pic']['name'] contains 'test.png' Honk is our development server and we have written code relying on this undocumented feature. Obviously the behavious exhibited on the server honk is usefull as a user can select a file or enter a URL to a file in the one input field. Which of these is the expected behaviour? Is there an expected behaviour and what behaviour would I expect from a more current version of PHP? Could I request the behaviour exibited on the server honk be a documented feature? Thanks, Patrick Brennan Reproduce code: --- function _isurlorfile($str) { if (is_uploaded_file($str['tmp_name']) $str['size']) { return $str['tmp_name']; } elseif (ereg('^http|ftp', $str['name'])) { return $str['name']; } else { return 0; } } -- Edit this bug report at http://bugs.php.net/?id=30683edit=1
#30683 [NEW]: Change in behavious of FILES array between 4.3.6 and 4.3.7_3
From: bugs at bsdfirst dot com Operating system: FreeBSD PHP version: Irrelevant PHP Bug Type: Zend Engine 2 problem Bug description: Change in behavious of FILES array between 4.3.6 and 4.3.7_3 Description: Hi, I have two FreeBSD servers detailed as follows: lassa: FreeBSD 4.10-STABLE php4-4.3.7_3 apache+mod_ssl+mod_deflate-1.3.31+2.8.18+1.3.14.12+1.0.21_4 honk: FreeBSD 4.9-RELEASE php4-4.3.6 apache+mod_ssl+mod_deflate-1.3.29+2.8.16+1.0.20_3 I am using a HTML form (enctype=multipart/form-data) to upload image files to each server. On the server honk I am using the function isurlorfile to allow the user to type a URL instead of selecting a file in the INPUT type=file box. Selecting a file for upload works correctly in both cases. C:\Pics\test.png yields the following the in $_FILES array: honk lassa: $_FILES['pic']['name'] contains 'test.png' However entering a URL only works on the server honk. Entering the URL http://localhost/test.png into the INPUT type=file box on the form yields the following results in the $_FILES array: honk: $_FILES['pic']['name'] contains 'http://localhost/test.png' lassa: $_FILES['pic']['name'] contains 'test.png' Honk is our development server and we have written code relying on this undocumented feature. Obviously the behavious exhibited on the server honk is usefull as a user can select a file or enter a URL to a file in the one input field. Which of these is the expected behaviour? Is there an expected behaviour and what behaviour would I expect from a more current version of PHP? Could I request the behaviour exibited on the server honk be a documented feature? Thanks, Patrick Brennan Reproduce code: --- function _isurlorfile($str) { if (is_uploaded_file($str['tmp_name']) $str['size']) { return $str['tmp_name']; } elseif (ereg('^http|ftp', $str['name'])) { return $str['name']; } else { return 0; } } -- Edit bug report at http://bugs.php.net/?id=30683edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=30683r=trysnapshot4 Try a CVS snapshot (php5.0): http://bugs.php.net/fix.php?id=30683r=trysnapshot50 Try a CVS snapshot (php5.1): http://bugs.php.net/fix.php?id=30683r=trysnapshot51 Fixed in CVS:http://bugs.php.net/fix.php?id=30683r=fixedcvs Fixed in release:http://bugs.php.net/fix.php?id=30683r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=30683r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=30683r=needscript Try newer version: http://bugs.php.net/fix.php?id=30683r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=30683r=support Expected behavior: http://bugs.php.net/fix.php?id=30683r=notwrong Not enough info: http://bugs.php.net/fix.php?id=30683r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=30683r=submittedtwice register_globals:http://bugs.php.net/fix.php?id=30683r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=30683r=php3 Daylight Savings:http://bugs.php.net/fix.php?id=30683r=dst IIS Stability: http://bugs.php.net/fix.php?id=30683r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=30683r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=30683r=float MySQL Configuration Error: http://bugs.php.net/fix.php?id=30683r=mysqlcfg