I have a file upload, and try to take care of strange filenames by removing unwanted characters. But I have the situation where I just played around with unwanted (chars in) filenames and got the following result:
My Bad Filename is: 1\;ping\ -c1\ 1.1.1.1
Firefox is sending: Content-Disposition: form-data; name="send_file"; filename="1\;ping\ -c1\ 1.1.1.1"
But PHP's $_FILES['send_file']['name'] object is just giving me 1.1.1.1 (with a leading space) as name.
In general that would be ignorable, but I'd like to understand what is happening here.
What is happening here? Please enlighten me.
Software used:
PHP's $_FILES['send_file']['name'] does not equal Content-Disposition's filename="..." value.
PHP is doing some sanitizing: it removes the path and stores only the name of the file, as it says in the documentation:
$_FILES['userfile']['name']
The original name of the file on the client machine.
Removing the path means that everything before the last slash/backslash (including them) is removed; that's what you got.
It relates to a very old issue from 2005, and basically the character \ is not a valid character for a file name in Windows.
You can find more detail here, in an old bug with status Won't fix:
https://pear.php.net/bugs/bug.php?id=5681
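The path stripping described in the answers above, as an added PHP example (not code from the original posts or from PHP itself). The helper names strip_client_path and safe_stored_name are hypothetical, and every sample filename except the one from the question is constructed. It also shows that the stripped name is still client-controlled and needs an allow-list before it is used on disk.

```php
<?php
// Emulates the behaviour described above: keep only what follows the last
// "/" or "\" in the client-supplied filename. Illustrative helper, not
// PHP's internal implementation.
function strip_client_path(string $clientName): string
{
    $slash = strrpos($clientName, '/');
    $back  = strrpos($clientName, '\\');
    $cut   = max($slash === false ? -1 : $slash, $back === false ? -1 : $back);
    return (string) substr($clientName, $cut + 1);
}

// Hypothetical allow-list sanitizer for the name used on disk. Path
// stripping alone still leaves spaces, leading dots and other
// client-chosen characters in the name.
function safe_stored_name(string $clientName, int $maxLen = 100): string
{
    $name = strip_client_path($clientName);
    // Replace everything outside a conservative allow-list.
    $name = (string) preg_replace('/[^A-Za-z0-9._-]/', '_', $name);
    // No leading dots: rules out ".", ".." and hidden files.
    $name = ltrim($name, '.');
    $name = (string) substr($name, 0, $maxLen);
    // Fall back to a random name if nothing usable is left.
    return $name === '' ? 'upload_' . bin2hex(random_bytes(8)) : $name;
}

$samples = [
    '1\;ping\ -c1\ 1.1.1.1',   // filename from the question
    'C:\Users\me\report.pdf',  // constructed: Windows-style client path
    '../../etc/passwd',        // constructed: traversal attempt
    '..',                      // constructed: nothing usable after cleanup
    'holiday photo.jpg',       // constructed: no path component at all
];

foreach ($samples as $s) {
    printf(
        "%-26s stripped=[%s] stored=[%s]\n",
        $s,
        strip_client_path($s),
        safe_stored_name($s)
    );
}
```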