PHP File Upload Works... But Stupid IE

[romulo1405241517 0]

ok i have used the following code in my upload.php file

 

Code:

 

$uploaddir = '../photos/';$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);echo '<pre>';if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {   echo "File is valid, and was successfully uploaded.\n";} else {   echo "Possible file upload attack!\n";}

 

using ../photos/ as my upload DIR works, as the file does upload, but when i echo $uploadfile on the same page:

 

Code:

 

<img src="http://forums.xisto.com/no_longer_exists/ echo $uploadfile; ?>" alt="uploadedfile" />

 

IE wont show it as it has two fullstops before the photo dir in the domain

 

e.g : http://forums.xisto.com/no_longer_exists/

 

 

it works in firefox, as it removes the two full stops, but IE isnt having any of it.

 

any ideas?

Reply With Quote

 

 

-----Please use CODE tags when posting codes-----szupie

Edited February 2, 2006 by szupie (see edit history)

[minnieadkins 0]

Interesting. I'm sure someone will respond as to why this is happening, and why firefox interprets it differently, but it's obvious if you use $uploadfile as part of the href for the image...it will say http://yourdomain.com/photos because it's just a string and it's putting the text where you tell it to. I don't know if double quotes would make a difference here, but probably not. I personally was goin to try to write a bit of code that uploads images, but I haven't even started yet. Why are you displaying the picture on the same page? Is it just to verify that the image has been loaded and show it in action?

As I said, I haven't tried this so if the '../photos/' is required rather than just 'photos/' then a simple fix would be to

$uploadfile = substr($uploadfile, 3);

Just cut out the first 3 (or 2 characters) in your string after you successfully upload. Then you should have a valid path to your image.

I'm just curioius as to why firefox parses it. Anyone?

[vujsa 0]

I suggest not using relative urls.

I understand the though behind using relitive urls but if you are building the url with PHP anyhow, I suggest using some of the built in PHP file system functions to build the link.

I think this link may help.
http://us2.php.net/manual/en/function.realpath.php

This way you'll have all of the benefits of using a relative url for the script but the link that the browser will see will be absolute.

You would need to run a few more functions on the variable before it would be usable as a url.

Hope this help you.

vujsa

[minnieadkins 0]

Good idea, I thought about that too, but I've never used that function. I don't even know how that thing works lol. Anyways if you can pass an real address rather than just relative to your upload function you could just build your URL.

$uploaddir= 'http://' .  $_SERVER['HTTP_HOST'] . '/photos/';

Sometimes you might not want the '//', I've read that somewhere and they used some kind of ternary operator to deal with that problem. In most cases I think something like that would work, as long as you kept the same structure. Perhaps that function realpath would be the better solution tho. Gl with it.