Change sanitize behavior for files with two dots in filename #14330
Conversation
JoshuaLuckers
added
area-core
pr/review-needed
| @@ -873,7 +873,7 @@ public function uploadObjectsToContainer($container,array $objects = array()) { | |||
| } | |||
|
|
|||
| $newPath = $this->fileHandler->sanitizePath($file['name']); | |||
| $newPath = $directory->getPath().$newPath; | |||
| $newPath = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory->getPath().$newPath)))); | |||
There was a problem hiding this comment.
Why not move this in sanitizePath?
There was a problem hiding this comment.
I have fears to break other uses case fileHandler->sanitizePath.
This method might have been used before in external components and their processors
There was a problem hiding this comment.
O.k. Then we maybe have to get the reason why two dots in the filename create that issue.
Some sanitize method on the filename removes too much elsewhere. It just should remove the possibility to ascend in the path and strips those two dots instead of slashes/backslashes surrounded by two dots. But I did not searched for this ...
There was a problem hiding this comment.
Now I've realised that my decision (sanitize in method uploadObjectsToContainer) is not clear from the point of consistency.
This behavior I get from processor browser/file/create
This filter process directory path and filename.
In processor browser/file/upload the filter in fact process only directory path, but not filename.
In processor browser/file/remove preparing correct filepath without two dots and as result don't found file.
This had resulted in bug described in issue #14320.
As a solution propose for browser/file processors (create, upload, remove) to remove only two dots from path before filename and allow filename had two dots.
How are you viewing this?
There was a problem hiding this comment.
If then it's also allowing to delete a file with two or multiple dots, than I'm alright with this 🚀
|
Files are renamed when they are loaded, but files with two dots in the name cannot be deleted if they are not loaded via the file manager (for example, via ftp). |
tolanych
changed the title
| if (!empty($directory)) { | ||
| $directory .= DIRECTORY_SEPARATOR; | ||
| } | ||
| $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $file ))); |
There was a problem hiding this comment.
You could use pathinfo for both parts.
There was a problem hiding this comment.
I did so the first time.
Pathinfo with PATHINFO_BASENAME and PATHINFO_FILENAME have trouble with filename with unciode symbols and more dots.
So after testing and catch more bugs I replace this on more simple - end->explode for filename.
e.g. http://codepad.org/73SaPqcF, first 4 characters in filename are loses.
There was a problem hiding this comment.
pathinfo is locale aware, so you have to set an UTF8 capable locale before:
$oldlocale = setlocale(LC_ALL, 0);
setlocale(LC_ALL,'C.UTF-8');
$pathinfo = pathinfo($file);
setlocale(LC_ALL,$oldlocale);
There was a problem hiding this comment.
You have to check, if 'C.UTF-8' is available.
| if (!empty($directory)) { | ||
| $directory .= DIRECTORY_SEPARATOR; | ||
| } | ||
| $name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $newFile ))); |
Mark-H
added
blocked
| $name = preg_replace('/[\.]{2,}/', '', htmlspecialchars($name)); | ||
| $success = $this->source->renameObject($oldFile, $name); | ||
| $oldlocale = setlocale(LC_ALL, 0); | ||
| setlocale(LC_ALL,'C.UTF-8'); |
There was a problem hiding this comment.
Please check here, wether setlocale is successful. Otherwise an error should be logged, describing possible issues. Maybe the 'C.UTF-8' string should be configurable.
There was a problem hiding this comment.
This trouble solving if MODX Setting "locale" is correct encoding for current server environment.
Now I don't run setlocale manually, just log about encoding if function pathinfo return not what was expected
начинающиеся с «#» будут проигнорированы, а пустое сообщение
|
@Jako Please check the changes. |
JoshuaLuckers
added
pr/review-needed
|
@cla-bot check |
|
Thank you for your contribution! Before your pull request can be reviewed, please sign the MODX Contributor License Agreement (CLA). This is to make sure MODX has your written permission to distribute projects containing your contributions under the appropriate license. Please make sure the CLA has been signed for GitHub user(s): @tolanych Once you've signed, please reply with |
cla-bot
bot
removed
area-core
bug
|
The cla-bot has been summoned, and re-checked this pull request! |
JoshuaLuckers
added
area-core
pr/review-needed
|
Shouldn't the sanitizer also remove characters like ampersand and pound sign? Those cause problems as well, and shouldn't be allowed in file names. I have clients who upload files like this all the time and then ask me why linking to these files on their websites doesn't work. |
rthrash
added
the
bug
What does it do?
For files uploaded via media-manager name with two or more dots will sanitize as when creating file.
UPD:
Change behavior. Now sanitize path before filename and allow filename had two dots. Update related browser/file processors.
Why is it needed?
To avoid the mistake like described in issue (cannot be removed).
And for consistency with behavior creating file.
Related issue(s)/PR(s)
This fixes issue #14320