Red Hat Bugzilla – Bug 25831
Content type added to uploaded file in php-4.0.4pl1
Last modified: 2007-04-18 12:31:06 EDT
When uploading a file from the web-browser, the destination file is longer
than the source file and contains 2 extra lines at the top. The first line
looks something like "Content-Type: image/pjpeg". The second line is
blank. The _type variable is empty.
Steps to Reproduce:
The following script (upload.php) illustrates the problem:
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php"
<INPUT TYPE="hidden" name="MAX_FILE_SIZE"
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
Here is the output produced for a sample jpeg of 41052 bytes:
As you can see, the file is 29 bytes longer than it should be...
Here is what I get when pressing the "send file" button without specifying
The file "uploaded" looks like this:
*** cut here ***
*** cut here ***
Expected Results: A shorter file in the first example. "none" in the
Using RedHat 7 with all the latest updates available from "up2date -u".
php.ini as installed with the package. Upload worked before I updated to
(As you can probably guess, I am no PHP expert. But as far as I can see,
it should not behave like this?)
We're currently tracking form-parsing bugs in bug #24933. There is an errata
candidate in http://people.redhat.com/nalin/test/ which fixes the problems that
I can verify and reproduce. Please try them and either follow up under this bug
ID or under #24933. Thanks!
I'm sorry! I tried searching for my bug, but did not find it.
And yes, the version found under /nalin/test solved my problem! So I guess you
can close this one.
Okay then. I'll resolve it as an ERRATA when we actually push it out.
In php bug list (bugs.php.net, bug 9298) is reported the same bug, and the
poster report that the last CVS snapshot fixes the problem. I've tryed the
php-4.0.4pl1-5 rpm: now the file is uploaded correctly, but the content-type
variable is still empty.
P.S.: my english is alpha version...
We're having hte same problems here. Has anybody tried to strip the extra
information from the file???
Any news or action? We're in a holding pattern waiting for this fix before we
can deploy some services. At this point, we're trying to decide whether to
scrap use of PHP for new development and implement in Perl. While PHP
simplifies things, it's useless to us due to this bug.
PLEASE provide some clue as to whether RedHat will be releasing a fix to this
issue, and provide some sort of timeline. If there's no interest in fixing
this, let us know that too. We'd just like to move forward one way or another.
For us, at least, this is a VERY HIGH priority issue, not merely an annoyance.
This bug, which languished for a year without being addressed, has now been
cured by the errata fix RHSA-2002:035-13. Luckily someone found a bug requiring
a security patch, and RedHat fixed the security problem by building versions of
PHP for supported releases which is from a newer code base, and does not have
this file upload bug in it.
Whomever is able to close this bug out, may want to do so, pointing at the new
version now available.