diff options
| author | Derick Rethans <derick@php.net> | 2004-05-21 08:14:24 +0000 |
|---|---|---|
| committer | Derick Rethans <derick@php.net> | 2004-05-21 08:14:24 +0000 |
| commit | 5a3baf610b43cd73e462cdb62b0d67d546501f12 (patch) | |
| tree | f4523dcdfde1242a9be0da9efdad9cc2cc2452c1 | |
| parent | 9dd047257348f1288ae3ee7da7de23e30ccd3723 (diff) | |
| download | php-git-5a3baf610b43cd73e462cdb62b0d67d546501f12.tar.gz | |
- MFH: Fixed bug #28456 (Problem with enclosed / in uploaded files).
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | main/rfc1867.c | 11 |
2 files changed, 11 insertions, 1 deletions
@@ -10,6 +10,7 @@ PHP 4 NEWS images. (Ilia) - Fixed handling of return values from storred procedures in mssql_execute() with multiple result sets returned. (Frank) +- Fixed bug #28456 (Problem with enclosed / in uploaded files). (Antony) - Fixed logic bug in session_register() which allowed registering _SESSION and/or HTTP_SESSION_VARS. (Sara) - Fixed bug #28386 (wordwrap() wraps lines 1 character too soon). (Ilia) diff --git a/main/rfc1867.c b/main/rfc1867.c index ff785d6008..be3f62cc53 100644 --- a/main/rfc1867.c +++ b/main/rfc1867.c @@ -830,7 +830,7 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) while (!multipart_buffer_eof(mbuff TSRMLS_CC)) { char buff[FILLUNIT]; - char *cd=NULL,*param=NULL,*filename=NULL; + char *cd=NULL,*param=NULL,*filename=NULL, *tmp=NULL; int blen=0, wlen=0; zend_llist_clean(&header); @@ -1031,12 +1031,21 @@ SAPI_API SAPI_POST_HANDLER_FUNC(rfc1867_post_handler) php_mb_gpc_encoding_converter(&filename, &str_len, 1, NULL, NULL TSRMLS_CC); } s = php_mb_strrchr(filename, '\\' TSRMLS_CC); + if (tmp = php_mb_strrchr(filename, '/')) { + s = tmp; + } num_vars--; } else { s = strrchr(filename, '\\'); + if (tmp = strrchr(filename, '/')) { + s = tmp; + } } #else s = strrchr(filename, '\\'); + if (tmp = strrchr(filename, '/')) { + s = tmp; + } #endif if (s && s > filename) { safe_php_register_variable(lbuf, s+1, NULL, 0 TSRMLS_CC); |