From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 20 Jan 2005 17:57:06 +0000 (+0000)
Subject: MFH: Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with '
X-Git-Tag: php-5.0.4RC1~289
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=aabd63044c89079f29d609f648aaf8eead09e5b5;p=php

MFH: Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with '
get cutoff).
---

diff --git a/NEWS b/NEWS
index ff7115a7f4..7e91e7f609 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ PHP                                                                        NEWS
   call_user_func_array()). (phpbugs at domain51 dot net, Dmitry)
 - Fixed bug #31142 (imap_mail_compose() fails to generate correct output). (Ilia)
 - Fixed bug #31139 (XML Parser Functions seem to drop &amp; when parsing). (Rob)
+- Fixed bug #31398 (When magic_guotes_gpc are enabled filenames with ' get cutoff).
+  (Ilia)
 - Fixed bug #31111 (Compile failure of zend_strtod.c). (Derick)
 - Fixed bug #31110 (PHP 4.3.10 does not compile on Tru64 UNIX 5.1B). (Derick)
 - Fixed bug #31107 (Compile failure on Solaris 9 (Intel) and gcc 3.4.3). (Derick)
diff --git a/main/rfc1867.c b/main/rfc1867.c
index 414236b991..b5b05df6e4 100644
--- a/main/rfc1867.c
+++ b/main/rfc1867.c
@@ -6,6 +6,7 @@
    +----------------------------------------------------------------------+
    | This source file is subject to version 3.0 of the PHP license,       |
    | that is bundled with this package in the file LICENSE, and is        |
+
    | available through the world-wide-web at the following url:           |
    | http://www.php.net/license/3_0.txt.                                  |
    | If you did not receive a copy of the PHP license and are unable to   |
@@ -32,6 +33,7 @@
 #include "php_globals.h"
 #include "php_variables.h"
 #include "rfc1867.h"
+#include "ext/standard/php_string.h"
 
 #define DEBUG_FILE_UPLOAD ZEND_DEBUG
 
@@ -847,7 +849,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 	while (!multipart_buffer_eof(mbuff TSRMLS_CC))
 	{
 		char buff[FILLUNIT];
-		char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL;
+		char *cd=NULL,*param=NULL,*filename=NULL;
 		int blen=0, wlen=0;
 
 		zend_llist_clean(&header);
@@ -1077,36 +1079,16 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 					str_len = strlen(filename);
 					php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC);
 				}
-				s = php_mb_strrchr(filename, '\\' TSRMLS_CC);
-				if ((tmp = php_mb_strrchr(filename, '/' TSRMLS_CC)) > s) {
-					s = tmp;
-				}
 				num_vars--;
-			} else {
-				s = strrchr(filename, '\\');
-				if ((tmp = strrchr(filename, '/')) > s) {
-					s = tmp;
-				}
-			}
-#else
-			s = strrchr(filename, '\\');
-			if ((tmp = strrchr(filename, '/')) > s) {
-				s = tmp;
 			}
 #endif
+ 			/* ensure that the uploaded file name only contains the path */
+ 			php_basename(filename, strlen(filename), NULL, 0, &s, NULL TSRMLS_CC);
+ 			efree(filename);
+ 			filename = s;
+
 			if (!is_anonymous) {
-				if (PG(magic_quotes_gpc)) {
-					s = s ? s : filename;
-					tmp = strrchr(s, '\'');
-					s = tmp > s ? tmp : s;
-					tmp = strrchr(s, '"');
-					s = tmp > s ? tmp : s;
-				}
-				if (s && s > filename) {
-					safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC);
-				} else {
-					safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC);
-				}
+				safe_php_register_variable(lbuf, filename, NULL, 0 TSRMLS_CC);
 			}
 
 			/* Add $foo[name] */
@@ -1115,11 +1097,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler)
 			} else {
 				sprintf(lbuf, "%s[name]", param);
 			}
-			if (s && s > filename) {
-				register_http_post_files_variable(lbuf, s+1, http_post_files, 0 TSRMLS_CC);
-			} else {
-				register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
-			}
+			register_http_post_files_variable(lbuf, filename, http_post_files, 0 TSRMLS_CC);
 			efree(filename);
 			s = NULL;