Discussion:
Response converted to entities after file upload
Lay András
2010-02-17 15:49:42 UTC
Permalink
Hi!

If i have a file upload input in my form, after submit the html codes
in the response data converted to their entities:

http://bogex.hu/jquery_upload_test.php

How can I prevent this?

Thank you!

Lay
Randall Morgan
2010-02-17 16:56:33 UTC
Permalink
Are you using a Php framework? If so, does it do output filtering? If
not, can you show me your Php code?

Randy
Post by Lay András
Hi!
If i have a file upload input in my form, after submit the html codes
http://bogex.hu/jquery_upload_test.php
How can I prevent this?
Thank you!
Lay
--
If you ask me if it can be done. The answer is YES, it can always be
done. The correct questions however are... What will it cost, and how
long will it take?
Lay András
2010-02-17 18:55:51 UTC
Permalink
Hello!
Post by Randall Morgan
Are you using a Php framework? If so, does it do output filtering? If
not, can you show me your Php code?
It's a simple PHP code, without any framework. The source code
visible, you can simply copy, and check it on your server. Now i put a
alert, to view the server response immediately. My problem is, the <h1> and </h1> elements converted to &lt;h1&gt;f and &lt;/h1&gt;
entities. This only happens, when the file input is present in the
form. I mean the problem occurs, when the form submitted to an
iframe...

Lay
Randall Morgan
2010-02-17 19:41:34 UTC
Permalink
A couple of things to try. First, run phpinfo() and look through the
output for anything that could be filtering the output.

Second, try using double quotes or echo or print() in place of die()
and follow with exit.

die() does not escape html (at least not on my servers) so I suspect
that phpinfo() will show something that is filtering your output.
Post by Lay András
Hello!
Post by Randall Morgan
Are you using a Php framework? If so, does it do output filtering? If
not, can you show me your Php code?
It's a simple PHP code, without any framework. The source code
visible, you can simply copy, and check it on your server. Now i put a
entities. This only happens, when the file input is present in the
form. I mean the problem occurs, when the form submitted to an
iframe...
Lay
--
If you ask me if it can be done. The answer is YES, it can always be
done. The correct questions however are... What will it cost, and how
long will it take?
Randall Morgan
2010-02-18 01:14:40 UTC
Permalink
You may want to remove the $header method. PHP should send the
content-type text/html header by default.

Randy
Post by Randall Morgan
A couple of things to try. First, run phpinfo() and look through the
output for anything that could be filtering the output.
Second, try using double quotes or echo or print() in place of die()
and follow with exit.
die() does not escape html (at least not on my servers) so I suspect
that phpinfo() will show something that is filtering your output.
Post by Lay András
Hello!
Post by Randall Morgan
Are you using a Php framework? If so, does it do output filtering? If
not, can you show me your Php code?
It's a simple PHP code, without any framework. The source code
visible, you can simply copy, and check it on your server. Now i put a
entities. This only happens, when the file input is present in the
form. I mean the problem occurs, when the form submitted to an
iframe...
Lay
--
If you ask me if it can be done. The answer is YES, it can always be
done. The correct questions however are... What will it cost, and how
long will it take?
--
If you ask me if it can be done. The answer is YES, it can always be
done. The correct questions however are... What will it cost, and how
long will it take?
Continue reading on narkive:
Loading...