Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.0b4

Request #4318 file extension checking should not be case-sensitive
Submitted: 2005-05-10 16:53 UTC
From: talkingrock at gmail dot com Assigned: wenz
Status: Closed Package: HTTP_Upload
PHP Version: 4.3.7 OS: any
Roadmaps: (Not assigned)    
Subscription  


 [2005-05-10 16:53 UTC] talkingrock at gmail dot com
Description: ------------ When a file is uploaded, the package checks the file extension against a list of acceptable or unacceptable extensions, which has a default value but can be set externally. Currently, this is done in a case-sensitive manner. For example, if 'scr' is in the 'deny' list, *.SCR files will be accepted. The only way to deny files of this type is to list 'scr', 'Scr', 'SCr', 'SCR', 'sCr', 'sCR', 'scR', 'sCR', 'SCR'... (did I get them all?) Reproduce code: --------------- PATCH - replace _evalValidExtensions() with below: function _evalValidExtensions() { $ext = strtolower($this->getProp('ext')); $exts = $this->_extensions_check; settype($exts, 'array'); $found = $this->_extensions_mode != 'deny'; foreach ($exts as $val) { if ($ext == strtolower($val)) { return $found; } } return !$found; } Expected result: ---------------- With the new code I'm submitting extensions are checked in a non-case-sensitive manner. For example: $upload = new HTTP_Upload(); $files = $upload->getFiles(); foreach ($files as $file) { $file->setValidExtensions(array('jpg','jpeg','png','gif'), 'accept'); if ($file->isValid()) { ... $file->isValid() should return true. Actual result: -------------- Without the patch I supplied, $file->isValid() will return false because _evalValidExtensions() tests the strings in a case-sensitive manner.

Comments

 [2005-05-10 16:57 UTC] talkingrock at gmail dot com
Slight correction: Under "Expected result" I should have said: $file->isValid() should return true when EXAMPLE.JPG is uploaded.
 [2005-06-06 14:05 UTC] glen at delfi dot ee
i've made patch that resolves this backward compatible way, by adding new parameter to setValidExtensions() method. http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/php-pear-HTTP_Upload-bug-4318.patch
 [2006-02-22 12:14 UTC] glen at delfi dot ee (Elan Ruusamäe)
 [2007-04-04 16:54 UTC] wenz (Christian Wenz)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. thanks a lot!
 [2010-08-19 15:17 UTC] glen (Elan Ruusamäe)
hmm, the patch i made and the one applied is not identical because is_null() and != are not the same (while !== are) intent was that if null (or no param) is passed then default value from class is used, currently if i pass value "false" from method argument, still the class default will be used because false == null: $ php -r '$var = false; var_dump($var != null);' bool(false) $ php -r '$var = false; var_dump($var !== null);' bool(true) $ php -r '$var = false; var_dump($var == null);' bool(true) your commited code: function setValidExtensions($exts, $mode = 'deny', $case_sensitive = null) { $this->_extensionsCheck = $exts; $this->_extensionsMode = $mode; if ($case_sensitive != null) { $this->_extensionsCaseSensitive = $case_sensitive; } } should be function setValidExtensions($exts, $mode = 'deny', $case_sensitive = null) { $this->_extensionsCheck = $exts; $this->_extensionsMode = $mode; if ($case_sensitive !== null) { $this->_extensionsCaseSensitive = $case_sensitive; } }