Parsing image uploads as PHP files?

I can confirm this bug.

- clean install of drupal CVS-HEAD and image CVS-HEAD
- enable image module
- create content (image)
- preview
- I get a similar error
- submit (instead of preview) works without problems.

Surely we are not parsing the images as php are we??

All works well in drupal-4-6 and image 4-6.

Boy oh boy. We *do* include the file.

The problem is in _phptemplate_default. This function includes a template file with include($file). The problem is that the $file it thinks it includes (a template file, eg themes/bluemarine/node.tpl.php) is not the $file it includes (our image!). The reason for this is that it does a extract($variables) first and there is a $variables['file'] in there! So his template-$file gets overwritten by our image-$file.

Moving this issue to "phptemplate" as I think the bug is there. Easy fix attached.

Alternatively, every module should make sure it hasn't got a $file variable lying around... I'm not completely sure how the image-$file gets there, but it is.

This type of bug should be sent to the devel list - it is a shortcoming of the project module that so little gets sent to that list.

I con confirm that this is a real bug. Good job finding the cause ... I'd love for a phptemplate expert to comment on the patch here.

image.module shoud technically call its form field image_file in order to avoid conflict with other form fields ... still, it would be nice to fix this at the phptemplate leevl if possible.

Right. I'll create a patch for image.module that renames $file to $image_file.
Still, it is a bug that needs fixing in phptemplate too, just to be on the safe(r) side.

I've tested this with phptemplate before , the variable shouldn't get clobbered.
http://ca3.php.net/manual/en/function.extract.php

Rename it to image_file, since file is not telling enough anyway, and i will make a patch to turn the parameter into :

extract($variables, EXTR_SKIP);

The issue has been fixed in image.module (rev 1.161): the module doesn't use '$file' anymore (thx to walkah).

Still I think that phptemplate should fix it too. From the documentation it seems like extract($variables, EXTR_SKIP); would do the trick and is probably cleaner than the unset I did.
Did not test this patch and don't know if there are other side-effects.

(unassigning me from this issue)

Here's a path against HEAD (after the commit of the previous patch) that takes Adrian's suggestion of using EXTR_SKIP instead. This solves the problem in a more fundamental way.

Committed to HEAD. Thanks.