Opened 14 years ago
Closed 14 years ago
#12280 closed defect (bug) (invalid)
^ is an escape char in the windows OS
Reported by: | hakre | Owned by: | ryan |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0 |
Component: | Security | Keywords: | has-patch |
Focuses: | Cc: |
Attachments (1)
Change History (8)
#2
@
14 years ago
is an escape char in the windows OS. so it has a special meaning. those are to be removed from filenames as per definition of function sanitize_file_name():
* Removes special characters that are illegal in filenames on certain * operating systems and special characters requiring special escaping * to manipulate at the command line. [...]
See section "Escape Character" in http://ss64.com/nt/syntax-esc.html
#3
@
14 years ago
-1 invalid. Filename escaping is the responsibility of the API, which is PHP in this case. Tested and confirmed:
copy('index.php', 'inde^^x.php');
PHP creates a file named inde^^x.php
, as expected. If there were a legitimate problem here, it would have created a file named inde^x.php
.
#4
@
14 years ago
that argumentation would make -1 for those (which are in right now) as well:
"?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#", "*", "(", ")", "|", "~", "`", "!", "{", "}"
because the API, which is PHP in this case, would be responsible for filename escaping.
So where does that lead to?
#5
@
14 years ago
You are welcome to test all of those characters. Half of them are valid in Windows and will cause no problem. The other half are invalid and will throw a PHP Warning, which is not desirable. All other characters are valid and should not need escaping above the PHP layer.
#6
@
14 years ago
I'm not in here to remove any of those. I created that ticket to add another special char that might be wise to replace for shell usage on the WINNT platform. Just as a precaution while I was stumbling over that line of code.
Infact, I do not care much about the windows platform and WP. So from that point of view, not worth the discussion for me now. Commit it or close it I won't care any longer. Enough typed here.
What is the precedent? Windows always allows karats in filenames doesn't it?