Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Closed
-
3.1.3
-
None
-
None
-
Windows Server 2003, IIS 6.0, PHP 5.3.19, magic_quotes_gpc = On
Description
When magic quotes is enabled, all form fields have their slashes stripped via $request->_variable's call to its type cast helper's recursive_set_var() function. The _FILES array does not add extra slashes to every field though, namely tmp_name is left as is. As a result, file uploads will fail since move_uploaded_file() is being called with an invalid source path (e.g. C:WINDOWSTempphpDA91.tmp instead of C:\WINDOWS\Temp\phpDA91.tmp).
Attachments
Issue Links
- is duplicated by
-
PHPBB3-13623 Unable to upload or download attachments
- Closed