homepage Welcome to WebmasterWorld Guest from 54.205.207.53
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
When to stripslashes?
Revata

5+ Year Member



 
Msg#: 3991965 posted 1:34 am on Sep 19, 2009 (gmt 0)

I'm newish to PHP and I've got an open source file repository that I'm trying to make upload file names with apostrophes in them. They upload fine but when they land they've got "\"s before any apostrophes in the filenames. I feel like stripslashes is the command I need to use, I'm just not quite sure where to add it in.

Here's a clipping of the code marked "uploading"

//uploading
if (isset($_FILES['file'])) {
if ($config['protect_upload']) authorize();
uploadfile($_FILES['file']);
}

function uploadfile($file) {
global $config, $lang, $max_filesize, $errormsg,$dir;

if ($file['error']!=0) {
$errormsg = $lang['upload_error'][$file['error']];
return;
}

//determine filename
$filename=$file['name'];
if (isset($_POST['filename']) && $_POST['filename']!="") $filename=$_POST['filename'];
$filename=basename($filename);
$filename=explode(".",basename($filename));
$ext = $filename[count($filename)-1];
unset($filename[count($filename)-1]);
$filename=join('_',$filename).'.'.$ext;

if (!in_array(strtolower(extname($filename)), $config['allowed_ext'])) {
$errormsg = $lang['upload_badext'];
return;
}

$filesize=$file['size'];
if ($filesize > $max_filesize) {
@unlink($file['tmp_name']);
$errormsg = $lang['upload_error_sizelimit'].' ('.getfilesize($max_filesize).').';
return;
}

$filedest = $config['storage_path'].'/'.$filename;
if (file_exists($filedest) && !$config['allow_overwrite']) {
@unlink($file['tmp_name']);
$errormsg = "$filename ".$lang['upload_error_fileexist'];
return;
}

$filesource=$file['tmp_name'];
if (!file_exists($filesource)) {
$errormsg = "$filesource do no exist!";
return;
} else if (!move_uploaded_file($filesource,$filedest)) {
if (!rename($filesource,$filedest)) {
$errormsg = $lang['upload_error_nocopy'];
return;
}
}

if ($errormsg=="") {
chmod ($filedest, 0755);
if ($config['log_upload']) logadm($lang['UPLOAD'].' '.$filedest);
$loc = rooturl();
if (sizeof($dir)>0) $loc .= join("/",$dir)."/";
Header("Location: ".$loc);
exit;
}
}

Thanks in advance for any advice you may have.

 

d40sithui

5+ Year Member



 
Msg#: 3991965 posted 3:34 am on Sep 19, 2009 (gmt 0)

The "\" is an escape character typically used for special characters such as single quotations or double quotations.
You will want to use the stripslashes() function right before making the file permanent - in other words before the move_uploaded_file().
I would imagine changing to this line would be okay.

$filedest = $config['storage_path'].'/'.stripslashes($filename);

Revata

5+ Year Member



 
Msg#: 3991965 posted 4:35 am on Sep 19, 2009 (gmt 0)

Perfection! Thank you for your quick and useful help d40sithui, I'd been banging my head on this for a few days now. =)

Revata

5+ Year Member



 
Msg#: 3991965 posted 3:41 am on Sep 20, 2009 (gmt 0)

Just a quick question. Is there a function that escapes the characters in the first place? I'm assuming it's necessary to do that for parsing reasons?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved