[RESOLVED] File corruption in upload

kureckam

I've been searching for a solution but unable to find one, so I'm posting here.
I'm using the standard html form layout to upload a file to the server.

   <link type="text/css" rel="stylesheet" href="../../css/content.css" />
               <h2 align="center">Download Data</h2>
               <br/>
               <form name="DownloadForm" action="download.php" method="post" enctype="multipart/form-data">
                  <table>
                     <tr>
                        <td>
                           <input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
                           Upload File: <input type="file" name="uploadFile" />
                       </td>
                    </tr>
                 </table>
                 <h1 align="center"><input id="submitButton" type="submit" value="Submit" /></h1>
              </form>

I created a file that has hex values 0x00 to 0xFF. The file is 256 bytes and I uploaded it. The $_FILES["uploadFile"]["size"] displays the size correctly as 256 bytes but when I look at it on the server the size is only 252 bytes. It seems that any hex chars of 0x00 are removed. In addition the chars < (0x3C) = (0x3D) and > (0x3E) are removed. I have found that any information after the < character is removed until it encounters a > character. Can anyone tell me why the file isn't being uploaded in tact?

PHP Version = 5.2.10
Apache Version = 2.2.13
Linux Debian

NogDog

I'm not aware of anything PHP would do by default. Assuming you're sure there's not PHP processing of the file before you view it, I'd check with the web host sysadmin to see if they are doing any sort of filtering of file uploads. Maybe try changing the file name suffix to something like ".jpg" which presumably such a filter would not want to mess with (as opposed to text files that might have XSS or other similar malicious content).

kureckam

The server is on an embedded device that we have created so there is nothing that a web hoster would be doing. There is no know filtering going on unless there is something in Apache but I wasn't able to find anything of note. I have also tried multiple file types and extensions but the result is always the same. I just find it interesting that the problem characters are the NULL character and the < > characters as used by scripting languages.

kureckam

My apologies for wasting everyone's time. I found the problem. I had copied some to do the upload and as part of it they were reformatting the file by using strip_tags. I removed that code and it works fine.