Opened 7 years ago

Closed 7 years ago

Last modified 6 years ago

#2093 closed defect (bug) (fixed)

inline-uploading.php doesn't escape single quote

Reported by: pirateking Owned by: ryan
Priority: high Milestone:
Component: Administration Version: 2.0
Severity: normal Keywords: bg|has-patch
Cc:

Description

After uploading an image with a single quote (in my case God's Gun) almost all functions fail due to a javascript error. This is due to when it creates the listing of the images, the single quote throws everything out of whack.

Attachments (1)

quote-this.diff (410 bytes) - added by skeltoac 7 years ago.

Download all attachments as: .zip

Change History (5)

comment:1   masquerade7 years ago

  • Milestone set to 2.0
  • Severity changed from normal to major

comment:2   skeltoac7 years ago

  • Keywords bg|has-patch added; image upload removed
  • Milestone changed from 2.0 to 2.0.1
  • Owner changed from anonymous to ryan
  • Priority changed from normal to high
  • Severity changed from major to normal

Single quotes are sometimes escaped in the filename, so we have no reliable way to preserve files with single quotes in the names. This patch removes single quotes from filenames.

Single quotes are still allowed in attachment titles.

skeltoac7 years ago

comment:3   matt7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3446]) Strip some more funny chars, fixes #2093

comment:4   anonymous6 years ago

  • Milestone 2.0.1 deleted

Milestone 2.0.1 deleted

Note: See TracTickets for help on using tickets.