Edit report at http://pear.php.net/bugs/bug.php?id=4318&edit=1

ID: 4318
Comment by: [email protected]
Reported By: talkingrock at gmail dot com
Summary: file extension checking should not be case-sensitive
Status: Closed
Type: Feature/Change Request
Package: HTTP_Upload
Operating System: any
PHP Version: 4.3.7
Assigned To: wenz
Roadmap Versions:
New Comment:

hmm, the patch i made and the one applied are not identical

because is_null() and != are not the same (while !== are)

intent was that if null (or no param) is passed then default value from
class is used, currently if i pass value "false" from method argument,
still the class default will be used because false == null:


$ php -r '$var = false; var_dump($var != null);'
bool(false)

$ php -r '$var = false; var_dump($var !== null);'
bool(true)

$ php -r '$var = false; var_dump($var == null);'
bool(true)


your committed code:


function setValidExtensions($exts, $mode = 'deny', $case_sensitive = null)
{
    $this->_extensionsCheck = $exts;
    $this->_extensionsMode = $mode;
    if ($case_sensitive != null) {
        $this->_extensionsCaseSensitive = $case_sensitive;
    }
}

should be


function setValidExtensions($exts, $mode = 'deny', $case_sensitive = null)
{
    $this->_extensionsCheck = $exts;
    $this->_extensionsMode = $mode;
    if ($case_sensitive !== null) {
        $this->_extensionsCaseSensitive = $case_sensitive;
    }
}


Previous Comments:
------------------------------------------------------------------------

[2007-04-04 12:54:56] wenz

This bug has been fixed in CVS.

If this was a documentation problem, the fix will appear on pear.php.net
by the end of next Sunday (CET).

If this was a problem with the pear.php.net website, the change should
be live shortly.

Otherwise, the fix will appear in the package's next release.

Thank you for the report and for helping us make PEAR better.

thanks a lot!

------------------------------------------------------------------------

[2006-02-22 07:14:14] glen at delfi dot ee

i've rediffed the patch against current cvs (r1.53):

http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/php-pear-HTTP_Upload-bug-4318.patch?rev=1.5

------------------------------------------------------------------------

[2005-06-06 10:05:09] glen at delfi dot ee

i've made a patch that resolves this in a backward compatible way, by adding
a new parameter to the setValidExtensions() method.

http://cvs.pld-linux.org/cgi-bin/cvsweb/SOURCES/php-pear-HTTP_Upload-bug-4318.patch

------------------------------------------------------------------------

[2005-05-10 12:57:03] talkingrock at gmail dot com

Slight correction: Under "Expected result" I should have said:
$file->isValid() should return true when EXAMPLE.JPG is uploaded.

------------------------------------------------------------------------

[2005-05-10 12:53:05] talkingrock at gmail dot com

Description:
------------
When a file is uploaded, the package checks the file extension against a
list of acceptable or unacceptable extensions, which has a default value
but can be set externally. Currently, this is done in a case-sensitive
manner. For example, if 'scr' is in the 'deny' list, *.SCR files will be
accepted. The only way to deny files of this type is to list 'scr',
'Scr', 'SCr', 'SCR', 'sCr', 'sCR', 'scR', 'sCR', 'SCR'... (did I get
them all?)

Reproduce code:
---------------
PATCH - replace _evalValidExtensions() with below:

function _evalValidExtensions()
{
    $ext = strtolower($this->getProp('ext'));
    $exts = $this->_extensions_check;
    settype($exts, 'array');
    $found = $this->_extensions_mode != 'deny';
    foreach ($exts as $val)
    {
        if ($ext == strtolower($val))
        {
            return $found;
        }
    }
    return !$found;
}


Expected result:
----------------
With the new code I'm submitting extensions are checked in a
non-case-sensitive manner. For example:

$upload = new HTTP_Upload();
$files = $upload->getFiles();
foreach ($files as $file)
{
    $file->setValidExtensions(array('jpg','jpeg','png','gif'), 'accept');
    if ($file->isValid())
    {
        ...

$file->isValid() should return true.

Actual result:
--------------
Without the patch I supplied, $file->isValid() will return false because
_evalValidExtensions() tests the strings in a case-sensitive manner.

------------------------------------------------------------------------
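
Added example (not part of the bug report and not HTTP_Upload's own code): a minimal stand-in class showing how the `!= null` check discussed above drops an explicit `false`, so a deny list stays case-sensitive and an upper-case extension slips past it, while `!== null` honours the argument. The class name ExtensionPolicy, its members, the case-sensitive default and the file names are assumptions made for illustration.

```php
<?php
// Hypothetical stand-in for the setter and extension check discussed in bug 4318.
class ExtensionPolicy
{
    private $exts = [];
    private $mode = 'deny';
    private $caseSensitive = true;   // assumed class default
    private $strictNullCheck;

    public function __construct(bool $strictNullCheck)
    {
        $this->strictNullCheck = $strictNullCheck;
    }

    public function setValidExtensions($exts, $mode = 'deny', $caseSensitive = null)
    {
        $this->exts = (array) $exts;
        $this->mode = $mode;
        // Loose:  false != null evaluates to false, so an explicit false is ignored.
        // Strict: only a real null (or an omitted argument) keeps the class default.
        $given = $this->strictNullCheck
            ? ($caseSensitive !== null)
            : ($caseSensitive != null);
        if ($given) {
            $this->caseSensitive = $caseSensitive;
        }
    }

    public function isAllowed(string $filename): bool
    {
        $ext  = pathinfo($filename, PATHINFO_EXTENSION);
        $list = $this->exts;
        if (!$this->caseSensitive) {
            $ext  = strtolower($ext);
            $list = array_map('strtolower', $list);
        }
        $listed = in_array($ext, $list, true);
        return $this->mode === 'deny' ? !$listed : $listed;
    }
}

// Constructed sample input: the caller asks for a case-insensitive deny list.
foreach ([['!= null ', false], ['!== null', true]] as [$label, $strict]) {
    $policy = new ExtensionPolicy($strict);
    $policy->setValidExtensions(['scr'], 'deny', false);
    foreach (['saver.scr', 'SAVER.SCR', 'photo.jpg'] as $name) {
        printf("%s  %-10s %s\n", $label, $name, $policy->isAllowed($name) ? 'accepted' : 'rejected');
    }
}
```

With the loose check, SAVER.SCR is accepted even though the caller passed `false`; with the strict check it is rejected.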


  • Glen at Aug 19, 2010 at 11:37 am

    an updated patch:

    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php-pear-HTTP_Upload/php-pear-HTTP_Upload-bug-4318.patch?rev=1.6


    Previous Comments:
    ------------------------------------------------------------------------

    [2010-08-19 11:17:46] glen

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
    http://pear.php.net/bugs/bug.php?id=4318
