PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I am trying to upload a file (simple html multipart form) to a windows server. If I have a file with a single quote "'" in the name, it renames the file to everything after the single quote.
I just added a hidden field on my upload page that captures the value of the file field. I then passed that along to my action page and stripped off the file name, then renamed the file (after move_uploaded_file()) to the value I sent through on the hidden field.
This is a security measure. Also, the RFCs do not require browsers to
pass the full orginal name to an application in the first place, do you
should never rely on this field.
Just remember it's a security measure not a bug! But don't worry this security measure has been fixed in CVS.