Opened 13 years ago
Closed 10 years ago
#18412 closed defect (bug) (duplicate)
"%20" in an uploaded image file name breaks thumbnails
Reported by: | ripperdoc | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.1 |
Component: | Media | Keywords: | has-patch needs-unit-tests dev-feedback |
Focuses: | Cc: |
Description
When uploading an image file where the name contains %20, it will not show thumbnails. It is still possible to edit the image in the image editor, however.
Attachments (3)
Change History (23)
#5
@
13 years ago
- Cc kurtpayne added
- Keywords has-patch added
18412.diff will double-encode any %XX patterns in media URLs so they are properly decoded when returned to the browser.
#10
follow-up:
↓ 11
@
11 years ago
This seems like a bizarre solution. @kurtpayne still think this is the way to go?
#11
in reply to:
↑ 10
@
11 years ago
Replying to ericlewis:
This seems like a bizarre solution. @kurtpayne still think this is the way to go?
The general answer to these types of problems is to double-encode or use a token replacement (e.g. '-real-percent-plz-'), encode, then replace the token with the original character afterwards.
For example, check out the usage of <WPPreserveNewline />
:
https://github.com/WordPress/WordPress/blob/master/wp-includes/formatting.php#L320
#12
follow-up:
↓ 13
@
11 years ago
Cool, thanks for the detail.
So, if you upload a file named Eric%20Lewis.jpg
the URL would end up as siteurl.com/wp-content/uploads/2014/05/Eric%2520Lewis.jpg
.
Should we be URL-unencoding before naming the file on the server, so if I upload Eric%20Lewis.jpg
, the file on the server would be /path/to/uploads/dir/Eric Lewis.jpg
and the URL siteurl.com/wp-content/uploads/2014/05/Eric%20Lewis.jpg
?
#13
in reply to:
↑ 12
;
follow-up:
↓ 15
@
11 years ago
Replying to ericlewis:
Should we be URL-unencoding before naming the file on the server, so if I upload
Eric%20Lewis.jpg
, the file on the server would be/path/to/uploads/dir/Eric Lewis.jpg
and the URLsiteurl.com/wp-content/uploads/2014/05/Eric%20Lewis.jpg
?
This seems better to me than double-encoding.
#14
@
11 years ago
In attachment:18412.3.diff, urldecode() filenames and attachment titles when creating them on the server.
#15
in reply to:
↑ 13
@
11 years ago
Replying to SergeyBiryukov:
Replying to ericlewis:
Should we be URL-unencoding before naming the file on the server, so if I upload
Eric%20Lewis.jpg
, the file on the server would be/path/to/uploads/dir/Eric Lewis.jpg
and the URLsiteurl.com/wp-content/uploads/2014/05/Eric%20Lewis.jpg
?
This seems better to me than double-encoding.
I can get behind this, too. There is a precedent for normalizing filenames on upload.
#17
follow-up:
↓ 18
@
11 years ago
- Keywords needs-unit-tests added
This looks fine, but the bug and fix need to be demonstrated via a unit test.
#18
in reply to:
↑ 17
@
10 years ago
- Keywords dev-feedback added
Replying to wonderboymusic:
This looks fine, but the bug and fix need to be demonstrated via a unit test.
I cannot see how to demonstrate this bug in wp_handle_upload
via a unit test (not to say it's not possible). I've created a not-uploaded fake file, and overridden as many tests as possible. Unfortunately the tests fails (not in a good way) on the move_uploaded_file
call, which (I assume) detects that it's not a properly uploaded file and then the wp_handle_upload
function fails.
Any ideas for how we can get around this?
My test so far:
/* * @ticket 18412 */ function test_unique_filename_encoded_space_is_sanitized() { $tmp_file_name = wp_tempnam(); file_put_contents( $tmp_file_name, 'xxxxxxxxxxxxxxxx' ); $overrides = array( 'test_form' => false, 'test_size' => false, 'test_upload' => false, ); $fake_file = array( 'name' => 'hello%20world.png', 'type' => 'image/png', 'size' => '16', 'tmp_name' => $tmp_file_name, 'error' => UPLOAD_ERR_OK, ); $results = wp_handle_upload( $fake_file, $overrides ); // Some assertions to go here, haven't got that far unlink( $tmp_file_name ); }
#19
@
10 years ago
I think the underlying issue is the same as #16330 - the bug affects both uploading and sideloading.
The solution I proposed there is that sanitize_file_name
should replace %20
with a -
as it does with spaces. I think this is a better solution because if %20
in filenames breaks things then it shouldn't be allowed.
My patch on #16330 should fix the issues described in this ticket as well as sideload issues.
Related: #16330