Recently I used PHP for a simple upload function and ran into an unexpected problem. When reading $_FILES, I found that the first character of the file name was truncated. Because the first files I uploaded were always named with numbers or letters, I didn't care too much about this problem. When I uploaded a document with a Chinese name, the problem became obvious: only one character is cut off and one Chinese character is two characters, so garbled characters appear. In addition, both my local machine and the server had the same problem. At this point, I had to start looking for the reason.
The code is as follows.
The content of the file upload.php is:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml">
On submit, the form posts to upload2.php. Let's take a look at its content:
<?php var_export($_FILES);
The logic is simple and there is no suspense, right? But what exactly does the problem I described above look like? Let me describe it.
First, I select a file named "mima.txt". After confirmation, the output is:
array ( 'content' => array ( 'name' => 'ima.txt', 'type' => 'text/plain', 'tmp_name' => 'D:\\wamp\\tmp\\php322.tmp', 'error' => 0, 'size' => 379, ), )
As you can see, the first character is truncated, and mima.txt is changed to "ima.txt".
Now let's take a look at Chinese. I select a file named "文.txt .txt" and upload it. The printed result is:
array ( 'content' => array ( 'name' => '文.txt .txt', 'type' => 'text/plain', 'tmp_name' => 'D:\\wamp\\tmp\\php327.tmp', 'error' => 0, 'size' => 10, ), )
Sure enough, it is garbled.
After tirelessly trying search engines, asking friends, and digging on my own, one web page suddenly enlightened me:
https://bugs.php.net/bug.php?id=55510
An excerpt from it:
I started going back version by version from 5.3.8 to see where the problem started, and it seems to have begun with 5.3.7, as 5.3.6 works correctly. Once again, I'm just replacing PHP builds -- I'm not modifying anything else.

With 5.3.6, I get back what I would expect:
array(1) { ["filename"]=> array(5) { ["name"]=> string(10) "readme.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(31) "C:\temp\file_upload\php594F.tmp" ["error"]=> int(0) ["size"]=> int(22) } }

With 5.3.7 and 5.3.8, I get back the missing first letter:
array(1) { ["filename"]=> array(5) { ["name"]=> string(10) "eadme.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(31) "C:\temp\file_upload\php594F.tmp" ["error"]=> int(0) ["size"]=> int(22) } }

With 5.4.beta1-dev, I'm back to getting everything that I expect:
array(1) { ["filename"]=> array(5) { ["name"]=> string(10) "readme.txt" ["type"]=> string(10) "text/plain" ["tmp_name"]=> string(31) "C:\temp\file_upload\php594F.tmp" ["error"]=> int(0) ["size"]=> int(22) } }

That is to say, this problem exists in PHP 5.3.8. When I checked, I found that the PHP version on both my local machine and the server is 5.3.8, so both of them were hit.
Two simple solutions:
1. Upgrade your PHP version, or roll back to an earlier one. Do not use 5.3.8.
2. Rename the file when it is uploaded. I directly use a random number plus the current timestamp and the file extension as the stored name. This directly bypasses the file name truncation. Of course, if you need to keep the original file name and do not want to change your PHP environment, you can add a hidden field to the form to store the file name and submit the original name through that hidden field.
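The second solution as a sketch for upload2.php. This is an added example, not code from the original post. It assumes PHP 7 or later, an uploads directory next to the script, an extension allowlist, and a hypothetical hidden field named original_name; because that hidden value is supplied by the client, it is kept only as a display label and never used as a path.

```php
<?php
// Added example, not the post's code. Assumes PHP 7+ (random_bytes), the post's
// file field 'content', and a hypothetical hidden field 'original_name'.
const ALLOWED_EXT = ['txt', 'pdf', 'png', 'jpg']; // assumed allowlist

// On-disk name: random token + timestamp + allowlisted extension. Only the
// extension comes from the client name, so a truncated first character in
// $_FILES['content']['name'] cannot change the stored name.
function storage_name(string $clientName): ?string
{
    $dot = strrpos($clientName, '.');
    $ext = $dot === false ? '' : strtolower(substr($clientName, $dot + 1));
    return in_array($ext, ALLOWED_EXT, true)
        ? bin2hex(random_bytes(8)) . '_' . time() . '.' . $ext
        : null; // unknown or missing extension: reject
}

// The hidden-field value is client-controlled: keep it as display metadata
// only, never as a path. Assumes the form submits UTF-8.
function display_name(string $hidden): string
{
    if (preg_match('//u', $hidden) !== 1) return 'unnamed'; // invalid UTF-8
    $name = str_replace('\\', '/', $hidden);                // Windows separators
    $pos = strrpos($name, '/');
    if ($pos !== false) $name = substr($name, $pos + 1);    // drop directories
    $name = preg_replace('/[\x00-\x1F\x7F]/u', '', $name);  // drop control chars
    if ($name === '' || $name === '.' || $name === '..') return 'unnamed';
    preg_match('/^.{1,200}/us', $name, $m);                 // cap at 200 chars
    return $m[0];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs for a quick check from the command line.
    var_dump(display_name("C:\\fakepath\\..\\中文.txt"), storage_name('shell.php'));
} elseif (isset($_FILES['content']) && $_FILES['content']['error'] === UPLOAD_ERR_OK) {
    $stored = storage_name($_FILES['content']['name']);
    if ($stored === null || !move_uploaded_file($_FILES['content']['tmp_name'],
            __DIR__ . '/uploads/' . $stored)) { // assumed upload directory
        http_response_code(400);
        exit('upload rejected');
    }
    $raw = $_POST['original_name'] ?? '';
    $shown = display_name(is_string($raw) ? $raw : '');
    echo htmlspecialchars($shown, ENT_QUOTES, 'UTF-8'), ' stored as ', $stored;
}
```

The path handling avoids basename() and pathinfo(), which are locale-aware and can themselves mangle multibyte names.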