From dd63f57344321a47eac235005ff9975aafa3051e Mon Sep 17 00:00:00 2001
From: Andreas Fischer <bantu@phpbb.com>
Date: Wed, 4 Aug 2010 12:35:19 +0200
Subject: [ticket/9615] magic_quotes_gpc: call stripslashes() before
 utf8_basename()

When magic_quotes_gpc is 'On' it also affects the $_FILES array and a filename
like 'bantu"s testfile.txt' will be returned as 'bantu\"s testfile.txt'.

Because utf8_basename() also strips off anything before the last backslash
the filename was returned as '"s testfile.txt'.

Calling stripslashes() before utf8_basename() solves the problem.

PHPBB3-9615
---
 phpBB/includes/functions_upload.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php
index 51fed45ebd..7f09cc1640 100644
--- a/phpBB/includes/functions_upload.php
+++ b/phpBB/includes/functions_upload.php
@@ -58,8 +58,9 @@ class filespec
 
 		$this->filename = $upload_ary['tmp_name'];
 		$this->filesize = $upload_ary['size'];
-		$name = trim(utf8_htmlspecialchars(utf8_basename($upload_ary['name'])));
-		$this->realname = $this->uploadname = (STRIP) ? stripslashes($name) : $name;
+		$name = (STRIP) ? stripslashes($upload_ary['name']) : $upload_ary['name'];
+		$name = trim(utf8_htmlspecialchars(utf8_basename($name)));
+		$this->realname = $this->uploadname = $name;
 		$this->mimetype = $upload_ary['type'];
 
 		// Opera adds the name to the mime type
-- 
cgit v1.2.1