[pmwiki-users] MakeUploadNamePatterns surprise
Carles Escrig Royo
esroyo at gmail.com
Tue Jun 17 08:42:26 CDT 2014
Oh, I just realized I could do something like:
function underscore() { return '_';}
$MakeUploadNamePatterns = array(
"/[^$UploadNameChars]/" => '',
'/\\.[^.]*$/e' => 'strtolower("$0")',
'/^[^[:alnum:]_]+/' => '',
'/[^[:alnum:]_]+$/' => '',
'/\\s/' => 'underscore');
I'm stupid, sorry :/
On 06/17/2014 11:51 AM, Carles Escrig Royo wrote:
> Hi all,
>
> I used to have the $MakeUploadNamePatterns defined as:
>
> $UploadNameChars = "-\\w. ";
> $MakeUploadNamePatterns = array(
> "/[^$UploadNameChars]/" => '',
> '/\\.[^.]*$/e' => 'strtolower("$0")',
> '/^[^[:alnum:]_]+/' => '',
> '/[^[:alnum:]_]+$/' => '',
> '/\\s/' => '_');
>
> Note it only differs with default on the space-underscore substitution.
>
> I just upgraded php and all other software in the server, and to my
> surprise filenames are not sanitized as expected any more. Lots of files
> are not recognized because their sanitized name is different :(
>
> The reason is that "_" is now a callable function of php:
>
> http://fr.php.net/_
>
> (Or, may be I didn't have the gettext extension enabled before)
>
> Anyway, do you think It's possible to bypass the problem without
> modifying scripts/upload.php?
>
>
> Regards,
>
> carles
>
More information about the pmwiki-users
mailing list