tallberg Posted July 30, 2009 Share Posted July 30, 2009 Is there anything in php configuration that might put backslashes in an upload file name the contains an apostrophe ? Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/ Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 str_replace? why do you want to do this anyway? Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886676 Share on other sites More sharing options...
tallberg Posted July 30, 2009 Author Share Posted July 30, 2009 Im using spaw editor to upload files. It is adding back slashes into filenames that contain an apostrophe which then stops the file browser from working. It doesn’t do this locally but it does online. I believe I have found the code that does this in the editor and removed. So I’m wondering if it is not the editor and something on the server. Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886681 Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 Im using spaw editor to upload files. It is adding back slashes into filenames that contain an apostrophe which then stops the file browser from working. It doesn’t do this locally but it does online. I believe I have found the code that does this in the editor and removed. So I’m wondering if it is not the editor and something on the server. put this somewhere in your server if(get_magic_quotes_gpc()) echo "Magic quotes are enabled"; else echo "Magic quotes are disabled"; if its enabled, then turn it off. Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886684 Share on other sites More sharing options...
tallberg Posted July 30, 2009 Author Share Posted July 30, 2009 How do i use this? function safeEscapeString($string) { if (get_magic_quotes_gpc()) { return $string; } else { return mysql_real_escape_string($string); } } Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886689 Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 How do i use this? function safeEscapeString($string) { if (get_magic_quotes_gpc()) { return $string; } else { return mysql_real_escape_string($string); } } know what forget that, just let me knwo if magic quote pc is on, run the script Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886690 Share on other sites More sharing options...
tallberg Posted July 30, 2009 Author Share Posted July 30, 2009 Magic quotes is on. Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886692 Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 Magic quotes is on. off em. http://us.php.net/manual/en/security.magicquotes.disabling.php Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886699 Share on other sites More sharing options...
tallberg Posted July 30, 2009 Author Share Posted July 30, 2009 I found the php.ini file on my server but the changes ive made for turning magic quotes off are not taking effect. Any ideas? Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886768 Share on other sites More sharing options...
tallberg Posted July 30, 2009 Author Share Posted July 30, 2009 I finally found away to turn magic quotes off. This makes not difference. Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-886896 Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 I finally found away to turn magic quotes off. This makes not difference. try $filename = stripslashes($_FILES['file']['name']); Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-887218 Share on other sites More sharing options...
tallberg Posted July 31, 2009 Author Share Posted July 31, 2009 tryed that and no effect. I believe this is the code in question: I tryed doing a an str_replace ( $uplfile['name'] =str_replace("'","_", $uplfile['name'] ); ) right at the top of the function which did change the file name but the file had no data or was not visible. function uploadFile($uplfile) { global $lang; // check if upload is allowed if (!$this->getCurrentDirSetting('allow_upload')) { $this->setError($lang->m('error_upload_forbidden', 'spawfm')); } else { if (is_uploaded_file($uplfile['tmp_name'])) { // check filetype $ext = SpawFm::getFileExtension($uplfile['name']); $allowed_ext = $this->getAllowedExtensions(); if ((in_array('.*', $allowed_ext) or in_array($ext, $allowed_ext)) and $this->isSecureFile($uplfile['name'])) { // check filesize if (!$this->getCurrentDirSetting('max_upload_filesize') or $uplfile['size'] <= $this->getCurrentDirSetting('max_upload_filesize')) { $ok = true; $err = array(); /* check image dimensions: try to read image dimensions (this step is omitted if getimagesize() does not recognize file as image or fails to read it's dimensions */ if (($this->getCurrentDirSetting('max_img_width') or $this->getCurrentDirSetting('max_img_height')) and $imgsize = @getimagesize($uplfile['tmp_name'])) { // check if dimensions not too big if specified if ($this->getCurrentDirSetting('max_img_width') and $imgsize[0] > $this->getCurrentDirSetting('max_img_width')) { $ok = false; $err[] = str_replace('[*MAXWIDTH*]', $this->getCurrentDirSetting('max_img_width'), $lang->m('error_img_width_max', 'spawfm')); } if ($this->getCurrentDirSetting('max_img_height') and $imgsize[0] > $this->getCurrentDirSetting('max_img_height')) { $ok = false; $err[] = str_replace('[*MAXHEIGHT*]', $this->getCurrentDirSetting('max_img_height'), $lang->m('error_img_height_max', 'spawfm')); } } if (!$ok) { $this->setError(implode('<br />', $err)); } else { // proceed saving uploaded file $uplfile_name = $uplfile['name']; $i = 1; // pick unused file name // $uplfile['name'] =str_replace("'","_", $uplfile['name'] ); while (file_exists($this->getCurrentFsDir().$uplfile_name)) { $uplfile_name = ereg_replace('(.*)(\.[a-zA-Z]+)$', '\1_'.$i.'\2', $uplfile['name']); // $uplfile_name = ereg_replace('(.*)(\.[a-zA-Z]+)$', '\1_'.$i.'\2', preg_replace('/[^a-z0-9_\-\.]/i', '_', $uplfile_name)); // $uplfile_name =str_replace("\\","_", $uplfile_name ); $i++; } if (!@move_uploaded_file($uplfile['tmp_name'], $this->getCurrentFsDir().$uplfile_name)) { $this->setError($lang->m('error_upload_failed', 'spawfm')); } else { if (strlen($this->getCurrentDirSetting('chmod_to'))) { // chmod uploaded file if (!@chmod($this->getCurrentFsDir().$uplfile_name, $this->getCurrentDirSetting('chmod_to'))) { $this->setError($lang->m('error_chmod_uploaded_file', 'spawfm')); } } } } } else { $this->setError($lang->m('error_max_filesize', 'spawfm').' '.round($this->getCurrentDirSetting('max_upload_filesize') / 1024, 2).' KB'); } } else { $this->setError($lang->m('error_bad_filetype', 'spawfm')); } } else { if ($uplfile['error'] == 1 or $uplfile['error'] == 2) { $this->setError($lang->m('error_upload_file_too_big', 'spawfm')); } elseif ($uplfile['error'] == 3) { $this->setError($lang->m('error_upload_file_incomplete', 'spawfm')); } else { $this->setError($lang->m('error_upload_failed', 'spawfm')); } } } return $this->error() ? false : $uplfile_name; } Link to comment https://forums.phpfreaks.com/topic/168120-php-configureation/#findComment-887517 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.