Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-14751

Multiple file upload doesn't work in an external call.

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Trivial
    • Resolution: Invalid
    • 3.1.9
    • None
    • ACP
    • None
    • PHP 5.6.24, Firefox 47.0.1

    Description

      If I create a simple upload page, like this:

      <?php
      define('IN_PHPBB', true);
      $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './phpBB3/';
      $phpEx = substr(strrchr(_FILE_, '.'), 1);
      include($phpbb_root_path . 'common.' . $phpEx);

      // Start session management
      $user->session_begin();
      $auth->acl($user->data);
      $user->setup();
      ?>
      <!doctype html>
      <html lang="en">
      <head>
      <meta charset="UTF-8">
      <title>Test</title>
      </head>

      <body>
      <?php
      if ($request->is_set_post('submit'))

      Unknown macro: { $fnames=$request->file('myfiles'); var_dump($fnames); }

      ?>
      <form method="post" enctype="multipart/form-data">
      <p>Upload Files: <input type="file" name="myfiles[]" multiple>
      <p><input type=submit name="submit" value="Upload">
      </form>
      </body>
      </html>

      I select 3 files. It returns with:

      array(5) { ["name"]=> string(4) "none" ["type"]=> string(4) "none" ["tmp_name"]=> string(4) "none" ["error"]=> string(4) "none" ["size"]=> string(4) "none" }

      However, if I comment out "$this->type_cast_helper->recursive_set_var($var, $default, $multibyte, $trim);" on line 409 of phpbb/request/request.php, it correctly produces:

      array(5) { ["name"]=> array(3) { [0]=> string(11) "file1.WAV" [1]=> string(22) "file2.zip" [2]=> string(7) "file3.docx" } ["type"]=> array(3) { [0]=> string(11) "audio/x-wav" [1]=> string(15) "application/zip" [2]=> string(71) "application/vnd.openxmlformats-officedocument.wordprocessingml.document" } ["tmp_name"]=> array(3) { [0]=> string(14) "/tmp/phpyunc4u" [1]=> string(14) "/tmp/phpYjL8Vl" [2]=> string(14) "/tmp/phpSoH6Nc" } ["error"]=> array(3) { [0]=> int(0) [1]=> int(0) [2]=> int(0) } ["size"]=> array(3) { [0]=> int(9355) [1]=> int(10284) [2]=> int(11022) } }

      Of course, commenting out set_var defeats most (all?) of the input security, so this is Very Bad. Since this doesn't directly affect the functioning of phpBB, I'm not sure how much time you'd like to devote to this. I've looked at recursive_set_var() and I'm not sure if I follow it yet.

      Anyway, let me know if this is a simple fix.
      Thanks.

      Sincerely,
      Bortman

      Attachments

        Activity

          People

            Unassigned Unassigned
            bortman bortman [X] (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: