Can someone explain the closing comment on this bug report to me?
http://bugs.php.net/bug.php?id=38245
Surely in a addslashes-escaped string, \ is the Windows directory
separator, not .The bug clearly describes irreversible corruption of upload filenames
by
PHP. I just had a report of it in a MediaWiki context, and I can't
believe that it wouldn't be considered a bug.
Coming in late, but there has been no response I can see so far...
You may also want to test with magic_quotes_gpc OFF and see if that
makes a difference.
I'm not sure why basename would be applied at all, since the browser
only sends the basename of the file anyway, no?
Perhaps, however, this is to avoid "hacks" that upload files with
bogus filenames in attempts to do evil things...
Even so, the basename should/could be applied before the magic quotes,
I should think.
On the plus side, if this bug gets people to turn OFF Magic Quotes,
that's a net gain. :-)
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?