Opened 14 years ago
Last modified 5 years ago
#16191 reopened defect (bug)
Uploaded files with quote marks in the filename are undisplayable in MS
Reported by: | simonwheatley | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Upload | Keywords: | has-patch dev-feedback needs-testing good-first-bug |
Focuses: | Cc: |
Description
If you upload a file with quote marks in the filename, e.g. "Test".jpg
, WordPress records the filename as %22test%22.jpg
but the file is called "Test".jpg
(on 'nix-like systems anyway) so is undisplayable.
I'm unsure about the implications (security and otherwise) of my suggested patch (attached), so please give feedback. (I guess the other approach would be to retain the url-encoded characters and ensure that the file is named with the URL encoded version of the filename.)
Attachments (3)
Change History (12)
#1
@
14 years ago
- Milestone Awaiting Review deleted
- Resolution set to worksforme
- Status changed from new to closed
sanitize_file_name()
should be stripping quote marks, and works for me.
Please reopen with more details. What browser, what OS, what server OS, PHP version, etc.?
#2
@
14 years ago
- Milestone set to Future Release
- Resolution worksforme deleted
- Status changed from closed to reopened
markjaquith just repro'd. Flash uploader works fine, the browser uploader does not.
#3
@
14 years ago
This looks like a WebKit bug that we can't work around.
I have a file named z"d%22e.jpg
.
Uploading from FF:
-----------------------------178448449274243042114807987 Content-Disposition: form-data; name="async-upload"; filename="z"d%22e.jpg" Content-Type: image/jpeg
Uploading from Chrome:
------WebKitFormBoundaryAUCJ2qQRMOXB3IQL Content-Disposition: form-data; name="async-upload"; filename="z%22d%22e.jpg" Content-Type: image/jpeg
Chrome is clearly doing things wrong. FF works, but I would have thought the double quote should have been slashed.
#4
@
14 years ago
16191.diff is a Proof of Concept workaround for filenames with double quotes in them.
- Populate POST variable via JS with file's real name.
- Use wp_handle_upload_prefilter to fix the
$_FILES
item.
#5
@
11 years ago
- Keywords changed from has-patch, dev-feedback to has-patch dev-feedback
This is still an issue after 3.5, image is now saved as %22Test%22.jpg
, but is not found when trying to access is. Maybe remove the double quotes just like single quotes are removed (Test.jpg
)?
See #22694.
#6
@
10 years ago
16226.patch on 16226 may resolve this.
#7
@
6 years ago
- Keywords needs-testing good-first-bug added
#16226 was fixed in 4.4. Can someone test this to see if the behavior still persists?
#8
@
5 years ago
This is my first time to be involved so please be patient and guide me through. @desrosj
I wasn't able to replicate the problem but I noticed something when testing on different browsers.
I'm on macOS Mojave (10.14.5)
What I did: Uploaded an image with the name "512x512_RED."png via the Media Uploader and inside Gutenberg editor.
Browser: Google Chrome
Results:
File was uploaded with filename - 22512x512_RED.22png.png
Post title - 512x512_RED.png
post_meta_key (_wp_attached_file) - 22512x512_RED.22png.png
Renders properly inside a post.
Browser: Firefox
Results:
File was uploaded with filename - 512x512_RED.png.png
Post title - "512x512_RED."png
post_meta_key (_wp_attached_file) - 512x512_RED.png.png
Renders properly inside a post.
Browser: Microsoft Edge (Dev build for Mac)
Results:
File was uploaded with filename - 22512x512_RED.22png-2.png
Post title - 512x512_RED.png
post_meta_key (_wp_attached_file) - 22512x512_RED.22png-2.png
Renders properly inside a post.
Browser: Safari
Results:
File was uploaded with filename - 22512x512_RED.22png-4.png
Post title - 512x512_RED.png
post_meta_key (_wp_attached_file) - 22512x512_RED.22png-4.png
Renders properly inside a post.
How it saves in Firefox is different than the rest of the browsers. I'm not sure if it's something critical. But nonetheless, the image with double quotes in filename displays properly.
#9
@
5 years ago
At #WCUS Contributor Day. I can confirm @donmhico's observations.
The patch does not apply cleanly to the trunk.
Operating System: Mac OS Mojave
Browser: Firefox
Post Title: top_”bg_header”
Filename: top_bg_header.jpg
Image renders correctly on the attachment page.
Browser: Chrome
Post Title: top_bg_header
Filename: top_bg_header.jpg
Image renders correctly on the attachment page.
Browser: Safari
Post Title: top_bg_header
Filename: top_22bg_header22.jpg
Image renders correctly on the attachment page.
URLDecode characters before saving to WP meta data