#80574 by Steven and chx. Fix file uploads.

2 files changed, 14 insertions, 8 deletions

diff --git a/includes/file.inc b/includes/file.inc
index 9649a45ab..d40d806e3 100644
--- a/includes/file.inc
+++ b/includes/file.inc
@@ -192,11 +192,11 @@ function file_check_upload($source = 'upload') {
   }
 
   // If a file was uploaded, process it.
-  if ($_FILES["edit"]["name"][$source] && is_uploaded_file($_FILES["edit"]["tmp_name"][$source])) {
+  if ($_FILES["files"]["name"][$source] && is_uploaded_file($_FILES["files"]["tmp_name"][$source])) {
 
     // Check for file upload errors and return FALSE if a
     // lower level system error occurred.
-    switch ($_FILES["edit"]["error"][$source]) {
+    switch ($_FILES["files"]["error"][$source]) {
 
       // @see http://php.net/manual/en/features.file-upload.errors.php
       case UPLOAD_ERR_OK:
@@ -220,12 +220,12 @@ function file_check_upload($source = 'upload') {
 
     // Begin building file object.
     $file = new StdClass();
-    $file->filename = trim(basename($_FILES["edit"]["name"][$source]), '.');
+    $file->filename = trim(basename($_FILES["files"]["name"][$source]), '.');
 
     // Create temporary name/path for newly uploaded files.
     $file->filepath = tempnam(file_directory_temp(), 'tmp_');
 
-    $file->filemime = $_FILES["edit"]["type"][$source];
+    $file->filemime = $_FILES["files"]["type"][$source];
 
     // Rename potentially executable files, to help prevent exploits.
     if (preg_match('/\.(php|pl|py|cgi|asp|js)$/i', $file->filename) && (substr($file->filename, -4) != '.txt')) {
@@ -236,13 +236,13 @@ function file_check_upload($source = 'upload') {
 
     // Move uploaded files from php's upload_tmp_dir to Drupal's file temp.
     // This overcomes open_basedir restrictions for future file operations.
-    if (!move_uploaded_file($_FILES["edit"]["tmp_name"][$source], $file->filepath)) {
+    if (!move_uploaded_file($_FILES["files"]["tmp_name"][$source], $file->filepath)) {
       drupal_set_message(t('File upload error. Could not move uploaded file.'));
-      watchdog('file', t('Upload Error. Could not move uploaded file (%file) to destination (%destination).', array('%file' => $_FILES["edit"]["tmp_name"][$source], '%destination' => $file->filepath)));
+      watchdog('file', t('Upload Error. Could not move uploaded file (%file) to destination (%destination).', array('%file' => $_FILES["files"]["tmp_name"][$source], '%destination' => $file->filepath)));
       return FALSE;
     }
 
-    $file->filesize = $_FILES["edit"]["size"][$source];
+    $file->filesize = $_FILES["files"]["size"][$source];
     $file->source = $source;
 
     // Add processed file to the cache.
diff --git a/includes/form.inc b/includes/form.inc
index d5607d957..76779646e 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -547,7 +547,13 @@ function form_builder($form_id, $form) {
     if (!isset($form['#name'])) {
       $name = array_shift($form['#parents']);
       $form['#name'] = $name;
-      if (count($form['#parents'])) {
+      if ($form['#type'] == 'file') {
+        // to make it easier to handle $_FILES in file.inc, we place all
+        // file fields in the 'files' array. Also, we do not support
+        // nested file names
+        $form['#name'] = 'files['. $form['#name'] .']';
+      }
+      elseif (count($form['#parents'])) {
         $form['#name'] .= '['. implode('][', $form['#parents']) .']';
       }
       array_unshift($form['#parents'], $name);