Fork me on GitHub
Subscribe 2

Ticket #444 (fixed bug)

magic_quotes_gpc and $_FILES

  • Created: 2011-05-21 17:32:28
  • Reported by: artoodetoo
  • Assigned to: Reines
  • Milestone: 1.4.6
  • Component: security
  • Priority: low

Superglobal variable $_FILES depends on magic_quotes_gpc and not filtered against slashes.

As far as I can recognize, it's not critical for current core state, but can be dangerous for mods and plugins.
For example, file name "David's Image.jpg" will look like "David\\\'s Image.jpg" wich can provide troubles if you'll try to save file "as is" on Windows.

Solution: just add
$_FILES = stripslashes_array($_FILES);
to include/common.php

History

Reines 2011-05-25 17:31:15

  • Milestone set to 1.4.6.

Reines 2011-05-26 21:25:18

  • Owner set to Reines.
  • Status changed from open to fixed.