From: danymoussa at gmail dot com Operating system: Centos 5 PHP version: 5.2.9 PHP Bug Type: Filter related Bug description: $_FILES return wrong file type
Description: ------------ This is a very serious problem that i never faced in php earlier version. However i tried to hack into my jpg-upload-image script and was able to do that by inserting a renamed shell script: pic1.php.jpg Reproduce code: --------------- <form action="upload.php" method="post" enctype="multipart/form-data"> <input type="file" name="file"> <input type="submit" value="Upload"> </form> print_r($_FILES); Expected result: ---------------- [file] => Array ( [name] => pic.php.jpg [type] => image/jpeg [tmp_name] => /tmp/php96MEPH [error] => 0 [size] => 23052 ) Actual result: -------------- [file] => Array ( [name] => pic.php.jpg [type] => application/octet-stream [tmp_name] => /tmp/php96MEPH [error] => 0 [size] => 23052 ) -- Edit bug report at http://bugs.php.net/?id=48344&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=48344&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=48344&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=48344&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=48344&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=48344&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=48344&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=48344&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=48344&r=needscript Try newer version: http://bugs.php.net/fix.php?id=48344&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=48344&r=support Expected behavior: http://bugs.php.net/fix.php?id=48344&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=48344&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=48344&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=48344&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48344&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=48344&r=dst IIS Stability: http://bugs.php.net/fix.php?id=48344&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=48344&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=48344&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=48344&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=48344&r=mysqlcfg