Posted by Bret Hughes on 02/24/05 02:32

On Wed, 2005-02-23 at 16:40, neil@jansons.net wrote:
> Thanks Bret
>
> I have tried turning all reporting on - error_reporting(E_ALL);
> but that doesn't reveal anything significant
>
> I have looked in the logs but there is nothing significant there.
>
> Because the type is file in the form it is not handled like a post - the
> values go into an array called $_FILES
>
> There seems to be no way to intercept this before the filename gets
> truncated
>


Well for another data point when I uploaded a file using our upload form
the ' gets escaped on both IE6 (win98 running in win4lin) and galeon.

test's qoutes.jpg becomes test\'s quotes.jpg on a fedora server with
apache and php of course.

I don't suppose the file gets put into a directory named with the first
portion of the file?

FWIW here is what my form tag looks like

<form enctype="multipart/form-data" action="uploadFiles.php"
method="POST">

and the filechooser

<input name="userfile" type="file" >

Bret

• Next in thread: Re: [PHP] uploading files with a single quote in the filename
• Prev in thread: Re: [PHP] uploading files with a single quote in the filename
• Next in forum: Re: [PHP] uploading files with a single quote in the filename
• Prev in forum: Re: [PHP] uploading files with a single quote in the filename
• Thread view: uploading files with a single quote in the filename

[Reply to this message]