Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-13642

_FILES['tmp_name'] should not have slashes removed if magic quotes is enabled

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Closed
    • Affects Version/s: 3.1.3
    • Fix Version/s: 3.1.13-RC1
    • Component/s: None
    • Labels:
      None
    • Environment:
      Windows Server 2003, IIS 6.0, PHP 5.3.19, magic_quotes_gpc = On

      Description

      When magic quotes is enabled, all form fields have their slashes stripped via $request->_variable's call to its type cast helper's recursive_set_var() function. The _FILES array does not add extra slashes to every field though, namely tmp_name is left as is. As a result, file uploads will fail since move_uploaded_file() is being called with an invalid source path (e.g. C:WINDOWSTempphpDA91.tmp instead of C:\WINDOWS\Temp\phpDA91.tmp).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                Noxwizard Patrick Webster
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: