MFH: Fixed bug #29369 (Uploaded files with ' or " in their names get their

names truncated at those characters).

diff --git a/NEWS b/NEWS
index 0bd9db2e4384830489510739fda914524ada38c7..170c2d5ad7181fd00e069ca58bc7735dc74ca770 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,8 @@ PHP 4                                                                      NEWS
 - Updated PCRE to provide better error handling in certain cases. (Andrei)
 - NSAPI: added "bucket" parameter to list of non-php.ini-keys of php4_execute
   for doing performance stats without warnings in server-log. (Uwe Schindler)
+- Fixed bug #29369 (Uploaded files with ' or " in their names get their names
+  truncated at those characters). (Ilia)
 - Fixed bug #29333 (output_buffering+trans_sess_id can corrupt output). (Ilia)
 - Fixed bug #29226 (ctype_* functions missing validation of numeric string 
   representations). (Ilia)

diff --git a/main/rfc1867.c b/main/rfc1867.c
index c37a711ce041a0577e3d48c2d220d46d564a8478..35abcb52b880499677a7fdf2ea78ccb075a7eca6 100644 (file)
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -628,6 +628,7 @@ static char *php_ap_getword_conf(char **line TSRMLS_DC)
 
        if ((quote = *str) == '"' || quote == '\'') {
                strend = str + 1;
+look_for_quote:
                while (*strend && *strend != quote) {
                        if (*strend == '\\' && strend[1] && strend[1] == quote) {
                                strend += 2;
@@ -635,6 +636,14 @@ static char *php_ap_getword_conf(char **line TSRMLS_DC)
                                ++strend;
                        }
                }
+               if (*strend && *strend == quote) {
+                       char p = *(strend + 1);
+                       if (p != '\r' && p != '\n' && p != '\0') {
+                               strend++;
+                               goto look_for_quote;
+                       }
+               }
+
                res = substring_conf(str + 1, strend - str - 1, quote TSRMLS_CC);
 
                if (*strend == quote) {