On 24 Feb 2005 08:22:39 -0600, Bret Hughes <[EMAIL PROTECTED]> wrote:
> On Thu, 2005-02-24 at 01:04, Dotan Cohen wrote:
> > > that. A little javascript goes a long way in these sort of situations
> >
> > You don't want to do that will javascript. I, for one, surf with
> > javascript turned off. T
On Thu, 2005-02-24 at 01:04, Dotan Cohen wrote:
> > that. A little javascript goes a long way in these sort of situations
>
> You don't want to do that will javascript. I, for one, surf with
> javascript turned off. The malicious script kiddie, I would presume,
> also would be very happy to send
> that. A little javascript goes a long way in these sort of situations
You don't want to do that will javascript. I, for one, surf with
javascript turned off. The malicious script kiddie, I would presume,
also would be very happy to send you a silly filename without letting
javascript check it.
On Wed, 2005-02-23 at 18:45, [EMAIL PROTECTED] wrote:
> Hi Brett
>
> My form is effectively identical to yours
>
> Upload a file:
>
> No the first part of the file name is just dropped and the file with the
> truncated name is saved in the correct place.
>
> But with it escaping the quote do y
[EMAIL PROTECTED] wrote:
Thanks
some answers:
turning magic quotes on and off seemed to make no difference
1. single quotes aren't important to me but this application allows users to
upload photos which often use descriptive filenames which sometimes have
single quotes eg. "my mum's car.jpg". I re
Hi Brett
My form is effectively identical to yours
Upload a file:
No the first part of the file name is just dropped and the file with the
truncated name is saved in the correct place.
But with it escaping the quote do you mean that you end up with a file with
\ in it? That would be an illegal
On Wed, 2005-02-23 at 16:40, [EMAIL PROTECTED] wrote:
> Thanks Bret
>
> I have tried turning all reporting on - error_reporting(E_ALL);
> but that doesn't reveal anything significant
>
> I have looked in the logs but there is nothing significant there.
>
> Because the type is file in the form it
Thanks Bret
I have tried turning all reporting on - error_reporting(E_ALL);
but that doesn't reveal anything significant
I have looked in the logs but there is nothing significant there.
Because the type is file in the form it is not handled like a post - the
values go into an array called $_FIL
Thanks
some answers:
turning magic quotes on and off seemed to make no difference
1. single quotes aren't important to me but this application allows users to
upload photos which often use descriptive filenames which sometimes have
single quotes eg. "my mum's car.jpg". I replace the spaces with un
On Wed, 2005-02-23 at 06:49, [EMAIL PROTECTED] wrote:
> Hi
> When uploading files using a type=file in a form, if a file is uploaded with
> a single quote the file gets truncated to whatever is after the quote
> eg.
> blah'sblah.txt
>
> will be uploaded as
> sblah.txt
>
> Is this a magic quotes i
[EMAIL PROTECTED] wrote:
Hi
When uploading files using a type=file in a form, if a file is uploaded with
a single quote the file gets truncated to whatever is after the quote
eg.
blah'sblah.txt
will be uploaded as
sblah.txt
Is this a magic quotes issue?
I don't think so, test it by turning it on/of
11 matches
Mail list logo
