file upload character remove? hmmmmm

paolodit

I am baffled!

I cant seem to get linux unsafe characters to be automatically removed from a filename, when uploading.

I have tested my str_replace seperately on a text string, and it removes characters such as: &

However within the context of my upload script, it leaves them in, thus screwing up, the filenames on linux server, leaving in the &.. weird? try it with a filename with & in

Can anyone else see anything blatantly wrong? (i have extracted the core bits for ease of reading):

$filetype = $FILES['filesent']['type'] ;
$filename = $FILES['filesent']['name'] ;
$filesize = ceil($FILES['filesent']['size'] / 1024) ;
$upload_error = $FILES['filesent']['error'] ;

//replace dodgy characters

$replace_any = array("'","\"", "/", "\", " ","$", "&", ";", ":", "~", "(", ")", "*", "%", "^", "£", "!", "+", "=", "?", "#", "@", "{", "}", "|" );

foreach ($replace_any as $replace_this)

{

$filenameB = str_replace($replace_this, "_", $filename);

}

echo "filenameB[" . $filenameB . "]<br>";

move_uploaded_file ( $_FILES['filesent']['tmp_name'] , "$destination_directory$filenameB" );

Any idea?? I have trawled the board, but hmmmm cant find similar issue... Is it my Linux??????

thanks !
Paolo

Weedpacket

First of all, [man]str_replace[/man] can work with arrays. You might also want to look at [man]strtr[/man].

Fact is, your loop is replacing apostrophes in $filename, and putting the result in $filenameB. Then it is replacing double quotes in $filename, and putting the result in $filenameB - overwriting the result of the previous apostrophe-replacing iteration.

paolodit

sometimes you need the obvious pointed out!

lol.

YOu know when something is staring you in the face?? but you cant see it?

I can now... lol

THANKS smokey dude