Welcome to WebmasterWorld Guest from 54.162.227.136

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

When to stripslashes?

     
1:34 am on Sep 19, 2009 (gmt 0)

5+ Year Member



I'm newish to PHP and I've got an open source file repository that I'm trying to make upload file names with apostrophes in them. They upload fine but when they land they've got "\"s before any apostrophes in the filenames. I feel like stripslashes is the command I need to use, I'm just not quite sure where to add it in.

Here's a clipping of the code marked "uploading"

//uploading
if (isset($_FILES['file'])) {
if ($config['protect_upload']) authorize();
uploadfile($_FILES['file']);
}

function uploadfile($file) {
global $config, $lang, $max_filesize, $errormsg,$dir;

if ($file['error']!=0) {
$errormsg = $lang['upload_error'][$file['error']];
return;
}

//determine filename
$filename=$file['name'];
if (isset($_POST['filename']) && $_POST['filename']!="") $filename=$_POST['filename'];
$filename=basename($filename);
$filename=explode(".",basename($filename));
$ext = $filename[count($filename)-1];
unset($filename[count($filename)-1]);
$filename=join('_',$filename).'.'.$ext;

if (!in_array(strtolower(extname($filename)), $config['allowed_ext'])) {
$errormsg = $lang['upload_badext'];
return;
}

$filesize=$file['size'];
if ($filesize > $max_filesize) {
@unlink($file['tmp_name']);
$errormsg = $lang['upload_error_sizelimit'].' ('.getfilesize($max_filesize).').';
return;
}

$filedest = $config['storage_path'].'/'.$filename;
if (file_exists($filedest) && !$config['allow_overwrite']) {
@unlink($file['tmp_name']);
$errormsg = "$filename ".$lang['upload_error_fileexist'];
return;
}

$filesource=$file['tmp_name'];
if (!file_exists($filesource)) {
$errormsg = "$filesource do no exist!";
return;
} else if (!move_uploaded_file($filesource,$filedest)) {
if (!rename($filesource,$filedest)) {
$errormsg = $lang['upload_error_nocopy'];
return;
}
}

if ($errormsg=="") {
chmod ($filedest, 0755);
if ($config['log_upload']) logadm($lang['UPLOAD'].' '.$filedest);
$loc = rooturl();
if (sizeof($dir)>0) $loc .= join("/",$dir)."/";
Header("Location: ".$loc);
exit;
}
}

Thanks in advance for any advice you may have.

3:34 am on Sep 19, 2009 (gmt 0)

5+ Year Member



The "\" is an escape character typically used for special characters such as single quotations or double quotations.
You will want to use the stripslashes() function right before making the file permanent - in other words before the move_uploaded_file().
I would imagine changing to this line would be okay.

$filedest = $config['storage_path'].'/'.stripslashes($filename);
4:35 am on Sep 19, 2009 (gmt 0)

5+ Year Member



Perfection! Thank you for your quick and useful help d40sithui, I'd been banging my head on this for a few days now. =)
3:41 am on Sep 20, 2009 (gmt 0)

5+ Year Member



Just a quick question. Is there a function that escapes the characters in the first place? I'm assuming it's necessary to do that for parsing reasons?
 

Featured Threads

Hot Threads This Week

Hot Threads This Month