Edit report at http://pear.php.net/bugs/bug.php?id=4318&edit=1

ID: 4318
Comment by: glen@delfi.ee
Reported By: talkingrock at gmail dot com
Summary: file extension checking should not be case-sensitive
Status: Closed
Type: Feature/Change Request
Package: HTTP_Upload
Operating System: any
PHP Version: 4.3.7
Assigned To: wenz
Roadmap Versions:
New Comment:

hmm, the patch i made and the one applied is not identical

because is_null() and != are not the same (while !== are)

intent was that if null (or no param) is passed then default value from
class is used, currently if i pass value "false" from method argument,
still the class default will be used because false == null:

$ php -r '$var = false; var_dump($var != null);'

$ php -r '$var = false; var_dump($var !== null);'

$ php -r '$var = false; var_dump($var == null);'

your commited code:

function setValidExtensions($exts, $mode = 'deny', $case_sensitive =
$this->_extensionsCheck = $exts;
$this->_extensionsMode = $mode;
if ($case_sensitive != null) {
$this->_extensionsCaseSensitive = $case_sensitive;

should be

function setValidExtensions($exts, $mode = 'deny', $case_sensitive =
$this->_extensionsCheck = $exts;
$this->_extensionsMode = $mode;
if ($case_sensitive !== null) {
$this->_extensionsCaseSensitive = $case_sensitive;

Previous Comments:

[2007-04-04 12:54:56] wenz

This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net
by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should
be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

thanks a lot!


[2006-02-22 07:14:14] glen at delfi dot ee

i've rediff the patch against current cvs (r1.53):



[2005-06-06 10:05:09] glen at delfi dot ee

i've made patch that resolves this backward compatible way, by adding
new parameter to setValidExtensions() method.



[2005-05-10 12:57:03] talkingrock at gmail dot com

Slight correction: Under "Expected result" I should have said:
$file->isValid() should return true when EXAMPLE.JPG is uploaded.


[2005-05-10 12:53:05] talkingrock at gmail dot com

When a file is uploaded, the package checks the file extension against a
list of acceptable or unacceptable extensions, which has a default value
but can be set externally. Currently, this is done in a case-sensitive
manner. For example, if 'scr' is in the 'deny' list, *.SCR files will be
accepted. The only way to deny files of this type is to list 'scr',
'Scr', 'SCr', 'SCR', 'sCr', 'sCR', 'scR', 'sCR', 'SCR'... (did I get
them all?)

Reproduce code:
PATCH - replace _evalValidExtensions() with below:

function _evalValidExtensions()
$ext = strtolower($this->getProp('ext'));
$exts = $this->_extensions_check;
settype($exts, 'array');
$found = $this->_extensions_mode != 'deny';
foreach ($exts as $val)
if ($ext == strtolower($val))
return $found;
return !$found;

Expected result:
With the new code I'm submitting extensions are checked in a
non-case-sensitive manner. For example:

$upload = new HTTP_Upload();
$files = $upload->getFiles();
foreach ($files as $file)
$file->setValidExtensions(array('jpg','jpeg','png','gif'), 'accept');
if ($file->isValid())

$file->isValid() should return true.

Actual result:
Without the patch I supplied, $file->isValid() will return false because
_evalValidExtensions() tests the strings in a case-sensitive manner.


Search Discussions

Discussion Posts

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 1 of 2 | next ›
Discussion Overview
grouppear-bugs @
postedAug 19, '10 at 11:17a
activeAug 19, '10 at 11:37a

1 user in discussion

Glen: 2 posts



site design / logo © 2022 Grokbase