Prune uploaded file names to \ on all OSes, read comments for explanation.

diff --git a/main/rfc1867.c b/main/rfc1867.c
index d1b7f99c590646e5c8302d3c906491455b68e863..54f775ecc8d1160a9ab4a3be6950e4b9ec4d45b2 100644 (file)
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -1077,11 +1077,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
                                        str_len = strlen(filename);
                                        php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC);
                                }
-#ifdef PHP_WIN32
                                s = php_mb_strrchr(filename, '\\' TSRMLS_CC);
-#else
-                               s = filename;
-#endif
                                if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) > s) {
                                        s = tmp;
                                }
@@ -1089,12 +1085,13 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
                                goto filedone;
                        }
 #endif                 
-
-#ifdef PHP_WIN32
+                       /* The \ check should technically be needed for win32 systems only where
+                        * it is a valid path separator. However, IE in all it's wisdom always sends
+                        * the full path of the file on the user's filesystem, which means that unless
+                        * the user does basename() they get a bogus file name. Until IE's user base drops 
+                        * to nill or problem is fixed this code must remain enabled for all systems.
+                        */
                        s = strrchr(filename, '\\');
-#else
-                       s = filename;
-#endif
                        if ((tmp = strrchr(filename, '/')) > s) {
                                s = tmp;
                        }