Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.0.0b4

Request #4318 file extension checking should not be case-sensitive
Submitted: 2005-05-10 16:53 UTC
From: talkingrock at gmail dot com Assigned: wenz
Status: Closed Package: HTTP_Upload
PHP Version: 4.3.7 OS: any
Roadmaps: (Not assigned)    
Subscription  


 [2005-05-10 16:53 UTC] talkingrock at gmail dot com
Description: ------------ When a file is uploaded, the package checks the file extension against a list of acceptable or unacceptable extensions, which has a default value but can be set externally. Currently, this is done in a case-sensitive manner. For example, if 'scr' is in the 'deny' list, *.SCR files will be accepted. The only way to deny files of this type is to list 'scr', 'Scr', 'SCr', 'SCR', 'sCr', 'sCR', 'scR', 'sCR', 'SCR'... (did I get them all?) Reproduce code: --------------- PATCH - replace _evalValidExtensions() with below: function _evalValidExtensions() { $ext = strtolower($this->getProp('ext')); $exts = $this->_extensions_check; settype($exts, 'array'); $found = $this->_extensions_mode != 'deny'; foreach ($exts as $val) { if ($ext == strtolower($val)) { return $found; } } return !$found; } Expected result: ---------------- With the new code I'm submitting extensions are checked in a non-case-sensitive manner. For example: $upload = new HTTP_Upload(); $files = $upload->getFiles(); foreach ($files as $file) { $file->setValidExtensions(array('jpg','jpeg','png','gif'), 'accept'); if ($file->isValid()) { ... $file->isValid() should return true. Actual result: -------------- Without the patch I supplied, $file->isValid() will return false because _evalValidExtensions() tests the strings in a case-sensitive manner.

Comments

 [2005-05-10 16:57 UTC] talkingrock at gmail dot com
Slight correction: Under "Expected result" I should have said: $file->isValid() should return true when EXAMPLE.JPG is uploaded.
 [2005-06-06 14:05 UTC] glen at delfi dot ee
i've made patch that resolves this backward compatible way, by adding new parameter to setValidExtensions() method. http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/php-pear-HTTP_Upload-bug-4318.patch
 [2006-02-22 12:14 UTC] glen at delfi dot ee (Elan Ruusamäe)
 [2007-04-04 16:54 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2010-08-19 15:17 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!
 [2010-08-19 15:37 UTC] User who submitted this comment has not confirmed identity
If you submitted this note, check your email.If you do not have a message, click here to re-send
MANUAL CONFIRMATION IS NOT POSSIBLE.  Write a message to pear-dev@lists.php.net
to request the confirmation link.  All bugs/comments/patches associated with this

email address will be deleted within 48 hours if the account request is not confirmed!