Description: ------------ When a file is uploaded, the package checks the file extension against a list of acceptable or unacceptable extensions, which has a default value but can be set externally. Currently, this is done in a case-sensitive manner. For example, if 'scr' is in the 'deny' list, *.SCR files will be accepted. The only way to deny files of this type is to list 'scr', 'Scr', 'SCr', 'SCR', 'sCr', 'sCR', 'scR', 'sCR', 'SCR'... (did I get them all?) Reproduce code: --------------- PATCH - replace _evalValidExtensions() with below: function _evalValidExtensions() { $ext = strtolower($this->getProp('ext')); $exts = $this->_extensions_check; settype($exts, 'array'); $found = $this->_extensions_mode != 'deny'; foreach ($exts as $val) { if ($ext == strtolower($val)) { return $found; } } return !$found; } Expected result: ---------------- With the new code I'm submitting extensions are checked in a non-case-sensitive manner. For example: $upload = new HTTP_Upload(); $files = $upload->getFiles(); foreach ($files as $file) { $file->setValidExtensions(array('jpg','jpeg','png','gif'), 'accept'); if ($file->isValid()) { ... $file->isValid() should return true. Actual result: -------------- Without the patch I supplied, $file->isValid() will return false because _evalValidExtensions() tests the strings in a case-sensitive manner.

Slight correction: Under "Expected result" I should have said: $file->isValid() should return true when EXAMPLE.JPG is uploaded.

i've made patch that resolves this backward compatible way, by adding new parameter to setValidExtensions() method. http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/php-pear-HTTP_Upload-bug-4318.patch

i've rediff the patch against current cvs (r1.53): http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/php-pear-HTTP_Upload-bug-4318.patch?rev=1.5

This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. thanks a lot!

hmm, the patch i made and the one applied is not identical because is_null() and != are not the same (while !== are) intent was that if null (or no param) is passed then default value from class is used, currently if i pass value "false" from method argument, still the class default will be used because false == null: $ php -r '$var = false; var_dump($var != null);' bool(false) $ php -r '$var = false; var_dump($var !== null);' bool(true) $ php -r '$var = false; var_dump($var == null);' bool(true) your commited code: function setValidExtensions($exts, $mode = 'deny', $case_sensitive = null) { $this->_extensionsCheck = $exts; $this->_extensionsMode = $mode; if ($case_sensitive != null) { $this->_extensionsCaseSensitive = $case_sensitive; } } should be function setValidExtensions($exts, $mode = 'deny', $case_sensitive = null) { $this->_extensionsCheck = $exts; $this->_extensionsMode = $mode; if ($case_sensitive !== null) { $this->_extensionsCaseSensitive = $case_sensitive; } }

an updated patch: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php-pear-HTTP_Upload/php-pear-HTTP_Upload-bug-4318.patch?rev=1.6