homepage Welcome to WebmasterWorld Guest from 54.197.19.35
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
When to stripslashes?
Revata




msg:3991967
 1:34 am on Sep 19, 2009 (gmt 0)

I'm newish to PHP and I've got an open source file repository that I'm trying to make upload file names with apostrophes in them. They upload fine but when they land they've got "\"s before any apostrophes in the filenames. I feel like stripslashes is the command I need to use, I'm just not quite sure where to add it in.

Here's a clipping of the code marked "uploading"

//uploading
if (isset($_FILES['file'])) {
if ($config['protect_upload']) authorize();
uploadfile($_FILES['file']);
}

function uploadfile($file) {
global $config, $lang, $max_filesize, $errormsg,$dir;

if ($file['error']!=0) {
$errormsg = $lang['upload_error'][$file['error']];
return;
}

//determine filename
$filename=$file['name'];
if (isset($_POST['filename']) && $_POST['filename']!="") $filename=$_POST['filename'];
$filename=basename($filename);
$filename=explode(".",basename($filename));
$ext = $filename[count($filename)-1];
unset($filename[count($filename)-1]);
$filename=join('_',$filename).'.'.$ext;

if (!in_array(strtolower(extname($filename)), $config['allowed_ext'])) {
$errormsg = $lang['upload_badext'];
return;
}

$filesize=$file['size'];
if ($filesize > $max_filesize) {
@unlink($file['tmp_name']);
$errormsg = $lang['upload_error_sizelimit'].' ('.getfilesize($max_filesize).').';
return;
}

$filedest = $config['storage_path'].'/'.$filename;
if (file_exists($filedest) && !$config['allow_overwrite']) {
@unlink($file['tmp_name']);
$errormsg = "$filename ".$lang['upload_error_fileexist'];
return;
}

$filesource=$file['tmp_name'];
if (!file_exists($filesource)) {
$errormsg = "$filesource do no exist!";
return;
} else if (!move_uploaded_file($filesource,$filedest)) {
if (!rename($filesource,$filedest)) {
$errormsg = $lang['upload_error_nocopy'];
return;
}
}

if ($errormsg=="") {
chmod ($filedest, 0755);
if ($config['log_upload']) logadm($lang['UPLOAD'].' '.$filedest);
$loc = rooturl();
if (sizeof($dir)>0) $loc .= join("/",$dir)."/";
Header("Location: ".$loc);
exit;
}
}

Thanks in advance for any advice you may have.

 

d40sithui




msg:3992018
 3:34 am on Sep 19, 2009 (gmt 0)

The "\" is an escape character typically used for special characters such as single quotations or double quotations.
You will want to use the stripslashes() function right before making the file permanent - in other words before the move_uploaded_file().
I would imagine changing to this line would be okay.

$filedest = $config['storage_path'].'/'.stripslashes($filename);

Revata




msg:3992028
 4:35 am on Sep 19, 2009 (gmt 0)

Perfection! Thank you for your quick and useful help d40sithui, I'd been banging my head on this for a few days now. =)

Revata




msg:3992340
 3:41 am on Sep 20, 2009 (gmt 0)

Just a quick question. Is there a function that escapes the characters in the first place? I'm assuming it's necessary to do that for parsing reasons?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved