Are files and image names are not sanitized?

redbot · 2011-02-07 16:24:40

Hi,
I hope I’m not missing something but I was sure that uploaded file and image names where automatically sanitized.
Well, apparently I was wrong.
If this is true could this feature be introduced?
I suppose it’s not uncommon to have clients which name their files in the craziest ways no matter how many times you tell them not.

jsoo · 2011-02-07 16:48:12

See lib/txplib_misc.php, sanitizeForFile().

Image names get run through doSlash().

redbot · 2011-02-07 17:02:47

jsoo wrote:

See lib/txplib_misc.php, sanitizeForFile().

Image names get run through doSlash().

Ok thank you,
so this won’t take care of non-trailing spaces, right? I tried uploading a file named “a & b.txt” (and a “a & b.gif” image) and I expected
it to be changed in a_&_b which of course did not happen.
Is this ok? Maybe this is a nonsense but I always thought it was no good to have spaces in the file name.

jsoo · 2011-02-07 17:31:57

If we update this for Txp5, I’m not sure we should actually change file names, but perhaps validate them on upload.

maverick · 2011-02-07 18:06:18

redbot wrote:

I always thought it was no good to have spaces in the file name.

It’s rarely an issue w/ Macs, but my understanding is that it can be a big issue with other flavors of *nix. I’ve also had people tell me they have issues with spaces in file names on Windows.

Plus spaces get translated to numeric codes in browsers, which makes for a messy url.

Last edited by maverick (2011-02-07 18:19:29)

redbot · 2011-02-07 18:47:25

jsoo wrote:

If we update this for Txp5, I’m not sure we should actually change file names, but perhaps validate them on upload.

Oh, do you mean something like a “please don’t use these characters” warning?
I think it would be useful.

maverick wrote:

… it can be a big issue with other flavors of *nix. I’ve also had people tell me they have issues with spaces in file names on Windows.

Yes, exactly. At least I thought so.

Gocom · 2011-02-07 19:06:57

There aren’t any real-ish direct limitations with spaces in the file names with any of the three main flavors of operating systems, or file systems.

The problem arises from 3rd party applications that don’t handle paths correctly when accessing files or executing commands. The problem can exists no matter what the OS is.

But it’s nice to avoid spaces in file names, or at least pre/appending whitespace, special characters (even that everything should support unicode) and the normal list of reserved characters.

Last edited by Gocom (2011-02-07 19:09:26)

Textpattern CMS

Textpattern CMS support forum

#1 2011-02-07 16:24:40

Are files and image names are not sanitized?

#2 2011-02-07 16:48:12

Re: Are files and image names are not sanitized?

#3 2011-02-07 17:02:47

Re: Are files and image names are not sanitized?

#4 2011-02-07 17:31:57

Re: Are files and image names are not sanitized?

#5 2011-02-07 18:06:18

Re: Are files and image names are not sanitized?

#6 2011-02-07 18:47:25

Re: Are files and image names are not sanitized?

#7 2011-02-07 19:06:57

Re: Are files and image names are not sanitized?

Board footer