#50314 [Fbk-Opn]: File upload problem
ID: 50314
User updated by: jj07020 at lanet dot lv
Reported By: jj07020 at lanet dot lv
-Status: Feedback
+Status: Open
Bug Type: Apache2 related
Operating System: Windows XP Pro SP3
PHP Version: 5.3.1
New Comment:
I tried it with php 5.2 (Snapshot Fri, 27 Nov 2009 11:41:38 +,
Version: 5.2.12RC3-dev) and it produces the same result.
Previous Comments:
[2009-11-27 14:27:18] j...@php.net
Please try using this snapshot:
http://snaps.php.net/php5.2-latest.tar.gz
For Windows:
http://windows.php.net/snapshots/
[2009-11-27 14:20:01] jj07020 at lanet dot lv
Description:
It is possible to supply a filename which will be incorrectly parsed by
PHP. The problem occurs when uploading a file from an HTML form with
attributes name=file[ (lacking the closing bracket) and type=file.
I'm using Apache 2.2.14 PHP 5.3.1, but I was able to reproduce the bug
with Apache 2.2.10 PHP 5.3.0.
Reproduce code:
---
HTML form - form.html:
form method=post enctype=multipart/form-data action=upload.php
input type=file name=file[ /
input type=submit value=OK /
/form
PHP code - upload.php:
?php
var_dump($_FILES);
?
The body of the HTTP request:
3PL7QzumhbsotvnG6nZnmR
Content-Disposition: form-data; name=file[; filename=code.gif
Content-Type: image/gif
binary gif data
3PL7QzumhbsotvnG6nZnmR--
Expected result:
The array $_FILES should contain valid keys as specified in
http://www.php.net/manual/en/features.file-upload.post-method.php.
Hovever, the following assertion fails:
if (isset($_FILES[file])) {
assert(is_string($_FILES[name])); // actual key is [name
}
Since the filename (file[) lacks the closing bracket, it probably
should be interpreted as a single file named file[:
array(1) { [file[]= array(5) { [name]= string(8) code.gif
[type]= string(9) image/gif [tmp_name]= string(17)
C:\Temp\php3A.tmp [error]= int(0) [size]= int(3342) } }
Actual result:
--
The array $_FILES:
array(1) { [file]= array(5) { [[name]= string(8) code.gif
[[type]= string(9) image/gif [[tmp_name]= string(17)
C:\Temp\php3A.tmp [[error]= int(0) [[size]= int(3342) } }
--
Edit this bug report at http://bugs.php.net/?id=50314edit=1
#50314 [NEW]: File upload problem
From: jj07020 at lanet dot lv
Operating system: Windows XP Pro SP3
PHP version: 5.3.1
PHP Bug Type: Apache2 related
Bug description: File upload problem
Description:
It is possible to supply a filename which will be incorrectly parsed by
PHP. The problem occurs when uploading a file from an HTML form with
attributes name=file[ (lacking the closing bracket) and type=file. I'm
using Apache 2.2.14 PHP 5.3.1, but I was able to reproduce the bug with
Apache 2.2.10 PHP 5.3.0.
Reproduce code:
---
HTML form - form.html:
form method=post enctype=multipart/form-data action=upload.php
input type=file name=file[ /
input type=submit value=OK /
/form
PHP code - upload.php:
?php
var_dump($_FILES);
?
The body of the HTTP request:
3PL7QzumhbsotvnG6nZnmR
Content-Disposition: form-data; name=file[; filename=code.gif
Content-Type: image/gif
binary gif data
3PL7QzumhbsotvnG6nZnmR--
Expected result:
The array $_FILES should contain valid keys as specified in
http://www.php.net/manual/en/features.file-upload.post-method.php. Hovever,
the following assertion fails:
if (isset($_FILES[file])) {
assert(is_string($_FILES[name])); // actual key is [name
}
Since the filename (file[) lacks the closing bracket, it probably should
be interpreted as a single file named file[:
array(1) { [file[]= array(5) { [name]= string(8) code.gif
[type]= string(9) image/gif [tmp_name]= string(17)
C:\Temp\php3A.tmp [error]= int(0) [size]= int(3342) } }
Actual result:
--
The array $_FILES:
array(1) { [file]= array(5) { [[name]= string(8) code.gif
[[type]= string(9) image/gif [[tmp_name]= string(17)
C:\Temp\php3A.tmp [[error]= int(0) [[size]= int(3342) } }
--
Edit bug report at http://bugs.php.net/?id=50314edit=1
--
Try a snapshot (PHP 5.2):
http://bugs.php.net/fix.php?id=50314r=trysnapshot52
Try a snapshot (PHP 5.3):
http://bugs.php.net/fix.php?id=50314r=trysnapshot53
Try a snapshot (PHP 6.0):
http://bugs.php.net/fix.php?id=50314r=trysnapshot60
Fixed in SVN:
http://bugs.php.net/fix.php?id=50314r=fixed
Fixed in SVN and need be documented:
http://bugs.php.net/fix.php?id=50314r=needdocs
Fixed in release:
http://bugs.php.net/fix.php?id=50314r=alreadyfixed
Need backtrace:
http://bugs.php.net/fix.php?id=50314r=needtrace
Need Reproduce Script:
http://bugs.php.net/fix.php?id=50314r=needscript
Try newer version:
http://bugs.php.net/fix.php?id=50314r=oldversion
Not developer issue:
http://bugs.php.net/fix.php?id=50314r=support
Expected behavior:
http://bugs.php.net/fix.php?id=50314r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=50314r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=50314r=submittedtwice
register_globals:
http://bugs.php.net/fix.php?id=50314r=globals
PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50314r=php4
Daylight Savings:http://bugs.php.net/fix.php?id=50314r=dst
IIS Stability:
http://bugs.php.net/fix.php?id=50314r=isapi
Install GNU Sed:
http://bugs.php.net/fix.php?id=50314r=gnused
Floating point limitations:
http://bugs.php.net/fix.php?id=50314r=float
No Zend Extensions:
http://bugs.php.net/fix.php?id=50314r=nozend
MySQL Configuration Error:
http://bugs.php.net/fix.php?id=50314r=mysqlcfg
