Upload code script issues - renaming file names
Posted: Fri Jan 20, 2006 7:49 am
I use an upload script which I found on phphq.net.
The only problem it has is that when someone uses it to upload a file to my server that has an apostrophe in the file name, it turns it into a back slash, and I am then unable to delete it from my server because I get an invalid filename error. The only way to delete the files is to contact my provider and have them manually remove it. Can someone help me correct this problem?
Example file name: "Don't Blame Me.jpg" turns into "Don/t Blame Me.jpg"
Maybe there is something I can add to the code to disallow file names with apostrophes?
The only problem it has is that when someone uses it to upload a file to my server that has an apostrophe in the file name, it turns it into a back slash, and I am then unable to delete it from my server because I get an invalid filename error. The only way to delete the files is to contact my provider and have them manually remove it. Can someone help me correct this problem?
Example file name: "Don't Blame Me.jpg" turns into "Don/t Blame Me.jpg"
Maybe there is something I can add to the code to disallow file names with apostrophes?
Code: Select all
<?
/*
//================================================================================
* phphq.Net Custom PHP Scripts *
//================================================================================
:- Script Name: phUploader
:- Version: 1.1
:- Release Date: June 23rd 2004
:- Last Updated: July 12th 2004
:- Author: Scott L. aka. Panther <scott@phphq.net> http://www.phphq.net
:- Copyright (c) 2004 All Rights Reserved
:-
:- This script is freeware. Permission is granted to copy and distribute this
:- program so long as it is not modified in any way and no fees are exchanged.
:- All copyright text must remain visible and unmodified.
//================================================================================
* Description
//================================================================================
:- phUploader is a script for uploading images or files to a server. It comes with the option for image or file uploads,
:- or both. You can specify your own file extensions that are accepted, the file size and naming options. The script
:- has the capability to setup folders and chmod on the first run for easier setup for new users. This was tested with
:- Linux and WindowsXP (EasyPHP). This script is very useful for temporary file storage or simple sig and avatar hosting.
//================================================================================
* Setup
//================================================================================
:- To setup this script, edit the values below and run the script from your browser. If you have troubles getting the script
:- to setup your folders, please do this manually. phphq.net has information on how to do this. If not, post in the forums.
:- Please keep the array format when setting the extensions, incorrect format will prevent the script from working correctly.
:- For help and support with this script, please use the forums on phphq.Net. Please do not email me for support.
:- Note, even though you set a max file size, if the size you set is bigger then what your php server allows,
:- the file will be denied without reason. Please check with your host to see how big of files php will accept.
:- with folders, I set them to be easier, If you need to use full server paths please setup the folders and chmod manually.
:- this script will only setup folders that are 1 level below the main script.
*/
/* -====- Edit The Values below ! Read Above (Setup) ^^ First ! -====- */
$maxsize="0"; // In KiloBytes, set to 0 for unlimited.
$randomname="0"; // Use random file names? 1=yes, 0=use original file name.
$usetypes="1"; // Leave this to 1 to restrict file types (Below), change to 0 to allow all file types.
$types=array("jpg","gif","bmp","mp3","mov","qt","rm","avi","wmv","mpeg","rar","zip"); // Please keep structure.
$url="http://www.ozzyhead.com.com/userpics/"; // Full url to where files are stored. With Trailing Slash
$folder="./files/"; // Path to files folder. If this fails use full path below. With trailing slash
$fullpath=""; // Only use this variable if you wish to use full server paths. Otherwise leave this empty! With trailing slash
$password=""; //Use this only if you want to password protect your uploads.
//Edit some design vars.
$textcolor="#000000";
$textface="arial";
$textsize="10px";
$pagebg="#777777";
$tablebg="#D2B48C";
/* -====- Stop Editing -====- */
If($password) {
If($_POST['verify']) {
If($_POST['dopass']=="$password") {
$_SESSION['phUploader']="True";
}
}
}
?>
<html>
<head>
<title>Ozzyhead.com - Upload Your Pictures</title>
</head>
<style type="text/css">
body{background-color:<?Echo($pagebg);?>;}
a:link {text-decoration:none; color:<?Echo($textcolor);?>;}
a:visited {text-decoration:none; color:<?Echo($textcolor);?>;}
.text{font-face:<?Echo($textface);?>; font-size:<?Echo($textsize);?>; font-color:<?Echo($textcolor);?>;}
input{font-face:<?Echo($textface);?>; font-size:<?Echo($textsize);?>; font-color:<?Echo($textcolor);?>;}
</style>
<body><br>
<?
function copyright() {
global $pagebg;
Echo("<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#000000\" width=\"400\" align=\"center\" bgcolor=\"$pagebg\" class=\"text\">\n");
Echo("<tr>\n");
Echo("<td align=\"right\"><a href=\"http://www.phphq.net/?script=phUploader\" target=\"_blank\"></a></td>\n");
Echo("</tr>\n");
Echo("</table>\n");
Echo("</body>\n");
Echo("</html>\n");
}
If($password) {
If($_SESSION['phUploader']!="True") {
Echo("<form method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n");
Echo("<table border=\"1\" cellpadding=\"1\" cellspacing=\"0\" style=\"border-collapse: collapse\" bordercolor=\"#000000\" width=\"400\" align=\"center\" class=\"text\" bgcolor=\"".$tablebg."\">\n");
Echo("<tr>\n");
Echo("<td width=\"70%\">Enter Password:</td>\n");
Echo("<td width=\"30%\"><input type=\"password\" name=\"dopass\" /></td>\n");
Echo("<input type=\"hidden\" name=\"verify\" value=\"true\">\n");
Echo("<td colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"verify\" value=\" Verify Password \" /></td>\n");
Echo("</tr>\n");
Echo("</table>\n");
Echo("</form>\n");
exit(copyright());
}
}
If($fullpath){$folder=$fullpath;}
If(!$fullpath) {
$folder2=str_replace(".","",str_replace("/","",$folder));
If(!is_dir($folder2)) {
Echo("<div align=\"center\" class=\"text\">The folder: <b>$folder2</b> does not exists. I am going to try and create it.</div><br />\n");
If(!@mkdir($folder2)) {
exit("<div align=\"center\" class=\"text\">Creating the directory <b>$folder2 failed</b>. Please do this manually.</div><br />\n");
} Else {
Echo("<div align=\"center\" class=\"text\">Directory created, now I am going to try and chmod the directory for you.</div><br />\n");
If(!@chmod($folder2,octdec("0777"))) {
exit("<div align=\"center\" class=\"text\">Folder chmod was not successful. Please use a ftp client or SSH to chmod the folder <b>$folder</b> 777</div><br />\n");
} Else {
Echo("<div align=\"center\" class=\"text\">Chmod was successful, please continue using this script.</div><br />\n");
}
}
}
}
If($_POST['doupload']) {
$file=$_FILES['file']['tmp_name'];
$size=$_FILES['file']['size'];
$type=$_FILES['file']['type'];
$name=strtolower($_FILES['file']['name']);
$ext=substr(strrchr($name, "."), 1);
$ext=str_replace("jpeg", "jpg", $ext);
If($randomname){
$rand=rand(0,100);
$name=$rand."_".time().".".$ext;
}
$error="";
If(!$file) {
$error="1";
$text .="<b><font face=arial size=1>No file selected</b><br />\n";
}
If($file) {
If($maxsize) {
If($size > ($maxsize*1024)) {
$error="1";
$text .="<b><font face=arial size=1>Your file is to big</b><br />\n";
}
}
If($usetypes) {
If(!in_array($ext,$types)) {
$error="1";
$text .="<b><font face=arial size=1>Invalid file type</b><br />\n";
}
}
If(file_exists($folder.$name)) {
$error="1";
$text .="<b><font face=arial size=1>Please rename your file.<br /></b><br />\n";
}
}
If($error=="1") {
Echo("<div align=\"center\" class=\"text\">$text</div>\n");
@unlink($file);
} Else {
@move_uploaded_file($file,$folder.$name) or die("Couldn't copy file to server, please make sure ".$folder." is chmod 777.".copyright());
exit("<div align=\"center\" class=\"text\"><font face=arial size=1>File uploaded! <br /><br /><font face=arial size=1>Your picture will appear on Ozzyhead.com once it has been approved.<br /><br /><a href=\"".$_SERVER['PHP_SELF']."\"><font face=arial size=1><u>Click here to upload another file</u></a><br><br></div>\n");
}
}
/* Below is the upload form. Edit as you wish. Note: Editing this section without knowing what you are doing may result in a usuless script. */
?>
<form action="<?Echo($_SERVER['PHP_SELF']);?>" method="POST" enctype="multipart/form-data">
<table border="1" cellpadding="3" cellspacing="0" style="border-collapse: collapse" bordercolor="#000000" width="400" align="center" bgcolor="<?Echo($tablebg);?>" class="text">
<tr>
<td colspan="2" align="center"><font face=arial size=1>Allowed Types: <?Echo(implode(", ",$types))?></td>
</tr>
<tr>
<td colspan="2" align="center"><font face=arial size=1>Max File Size: <?If(!$maxsize){Echo("No Limit");}Else{Echo($maxsize."kb");}?></td>
</tr>
<tr>
<td><font face=arial size=1>Select file to upload: </td>
<td><input type="file" name="file"></td>
</tr>
<tr>
<input type="hidden" name="doupload" value="True">
<td colspan="2" align="center"><input type="submit" name="doupload" value=" Upload File "> <input type="reset" name="reset" value=" Reset Form "></td>
</tr>
</table>
</form>
<?copyright();?>