dolibarr-dev

Re: [Dolibarr-dev] Pb with file upload


From: Régis Houssin
Subject: Re: [Dolibarr-dev] Pb with file upload
Date: Fri, 01 Jun 2012 11:13:07 +0200
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1

I use this file name: Capture d'ecran.docx
My function:

trim(basename(stripslashes($filename)), ".\x00..\x20");

A common function found around the internet that can clean the file name in $_FILES


print $_FILES : Capture d\'ecran.docx


With my function:
file is recorded with name: Capture d'ecran.docx
source code in link: Capture+d%27ecran.docx

Without my function:
file is recorded with name: Capture d\'ecran.docx
source code in link: Capture+d%5C%27ecran.docx
the file is not deleted when I click on the trash



On 01/06/12 10:42, Laurent Destailleur (eldy) wrote:
> I made a fix into dol_unescapefile file because file upload was broken
> on linux and windows.
> I had to remove the stripslashes. I don't see a reason to have it. Maybe
> there is a diff between mac and linux when uploading a file ?
> 
> If you upload a file called
> a'b
> the $_FILES['userfile']['name']; exit;
> a'b
> 
> Regis, can you confirm that submitting a file called
> a'b
> is still
> a'b
> if you make:
> 
> print $_FILES['userfile']['name']; exit;
> 
> just after the main.inc.php of a submitted document.php page (you must
> make show source of html page to see real content, for example with
> htdocs/societe/documents.php) ?
> 
> 

Regards,
-- 
Régis Houssin
---------------------------------------------------------
Cap-Networks
Cidex 1130
34, route de Gigny
71240 MARNAY
FRANCE
VoIP: +33 1 83 62 40 03
GSM: +33 6 33 02 07 97
Web: http://www.cap-networks.com/
Email: address@hidden

Dolibarr developer: address@hidden
Web Portal: http://www.dolibarr.fr/
SaaS offers: http://www.dolibox.fr/
Shop: http://www.dolistore.com/
Development platform: https://doliforge.org/
---------------------------------------------------------
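
As an added example (not part of the original message and not Dolibarr's code), the clean-up expression from the message is wrapped here in a hypothetical clean_upload_name() helper and run over constructed file names, printing the stored name and its URL-encoded form for the escaped and unescaped cases. The $escaped flag is an assumption standing in for however the application knows that the runtime added backslashes to the input.

```php
<?php
// Added example, not Dolibarr code. clean_upload_name() and its $escaped
// flag are hypothetical; the sample names below are constructed.

function clean_upload_name(string $raw, bool $escaped): string
{
    // Remove backslash escaping only if the runtime added it,
    // e.g. d'ecran arriving as d\'ecran in $_FILES[...]['name'].
    $name = $escaped ? stripslashes($raw) : $raw;

    // Keep the last path component only, so a client-supplied directory
    // part never reaches the storage path. Note: on Windows basename()
    // treats "\" as a separator too, so an unescaped-but-backslashed name
    // is cut at the backslash there and left whole on Linux/macOS.
    $name = basename($name);

    // Same character list as in the message: dots plus bytes 0x00-0x20
    // are stripped from both ends of the name.
    return trim($name, ".\x00..\x20");
}

$samples = [
    // [name as received, was it escaped by the runtime?]
    ["Capture d\\'ecran.docx", true],   // escaped upload from the thread
    ["Capture d\\'ecran.docx", false],  // same bytes, no unescaping applied
    ["a'b", false],                     // name used in the quoted test
    ["docs/sub/report.pdf ", false],    // directory part and trailing space
];

foreach ($samples as [$raw, $escaped]) {
    $stored = clean_upload_name($raw, $escaped);
    // urlencode() shows how the stored name appears inside a link.
    printf("%-24s -> stored: %-24s link: %s\n", $raw, $stored, urlencode($stored));
}
```

The stored name and the name used later in the delete link have to go through the same clean-up, otherwise the link points at a name that does not exist on disk.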


