Make WordPress Core

Opened 12 years ago

Closed 4 years ago

#22694 closed defect (bug) (worksforme)

Can't upload a file with an apostrophe in name

Reported by: ianatkins's profile ianatkins Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.4.2
Component: Media Keywords: close
Focuses: Cc:

Description

When uploading a file with an apostrophe in the filename wordpress returns a 'HTTP Error' message.

I have replicated this on two separate installs of wordpress, on different LAMP hosting environments.

The filename used for testing was Trend_Forecaster's_Handbook_1.jpg

Change History (33)

#1 @dd32
12 years ago

#22695 was marked as a duplicate.

#2 follow-up: @pavelevap
12 years ago

Tested in trunk and file is uploaded, but name is crippled: "s_Handbook_1.jpg"

#3 in reply to: ↑ 2 @SergeyBiryukov
12 years ago

Replying to pavelevap:

Tested in trunk and file is uploaded, but name is crippled: "s_Handbook_1.jpg"

Confirmed. Not a new bug though, tested 2.0.11 and it's the same there.

This is what $_FILES looks like:

Array
(
    [async-upload] => Array
        (
            [name] => s_Handbook_1.jpg
            [type] => image/jpeg
            [tmp_name] => S:\tmp\phpCB2.tmp
            [error] => 0
            [size] => 16658
        )

)

Appears to be a PHP bug: https://bugs.php.net/bug.php?id=31398

#4 @SergeyBiryukov
12 years ago

The workaround is to disable magic_quotes_gpc.

#5 @ianatkins
12 years ago

Thanks for investigating Sergey. Is it possible to catch this earlier and throw a more useful error message to the end user?

#6 @iseulde
11 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

Works in new media uploader.

#7 @helen
11 years ago

  • Milestone Awaiting Review deleted

#8 in reply to: ↑ description @sfoxe
11 years ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I just encountered this bug using Wordpress 3.8.1, and uploading a file with an apostrophe in the filename. Removing the apostrophe allowed the file to be uploaded.

Has this bug crept back into the codebase somehow??

Replying to ianatkins:

When uploading a file with an apostrophe in the filename wordpress returns a 'HTTP Error' message.

I have replicated this on two separate installs of wordpress, on different LAMP hosting environments.

The filename used for testing was Trend_Forecaster's_Handbook_1.jpg

#9 @Ipstenu
11 years ago

I can duplicate this one, ran into it on a clean 3.8.1 with very little else :(

magic_quotes_gpc is off (verified it). PHP 5.4.24

#10 @UmeshSingla
11 years ago

With PHP 5.5.8-3 and Wordpress 3.8.1, I never get that issue, while uploading file to media library. Filename is proper with ' being removed from it. Also there is no 'magic_quotes_gpc()' after PHP 5.4
ref: http://in1.php.net/get_magic_quotes_gpc

Last edited 11 years ago by UmeshSingla (previous) (diff)

#11 @SergeyBiryukov
11 years ago

  • Milestone set to Awaiting Review

I can still reproduce the truncated filename from comment:3 in PHP 5.2.17 and PHP 5.3.28 with magic_quotes_gpc on, but not in PHP 5.4.26. Not sure if we can do anything here.

I could not reproduce the "HTTP error" message though.

#12 @jamesmehorter
11 years ago

I can also confirm this issue while using WP 3.9 and PHP 5.3.27 with magic_quotes_gpc disabled. Uploading a file with a single-quote in the filename results in 'HTTP Error'. Simply removing the quote corrects the issue.

I personally don't need the quote in the filename if WP could somehow remove it.

#13 @jana@…
10 years ago

How difficult would it be to make the error read "remove apostrophe from file name and reload"? (No snark intended; honest question.)

#14 @Ipstenu
10 years ago

I still get the httpd error message with PHP 5.4.x and 3.9

Even just a flag "Invalid Filename" would be friendlier.

#15 follow-up: @ericlewis
10 years ago

@ipsentu can you provide clear steps to reproduce the httpd error message?

#16 in reply to: ↑ 15 @Ipstenu
10 years ago

Replying to ericlewis:

@ipsentu can you provide clear steps to reproduce the httpd error message?

1) Create a file with a non a-z/0-9 character in it's name (example: Thisain'tsparta.jpg)

2) Upload the image via any method (in post, drag and drop, select to upload)

3) Get error.

It really is that simple.

#17 @ericlewis
10 years ago

Ah, finally reproduced, thanks @Ipstenu.

If the single or double quote is inside the filename, it makes it through. Only if the string ends in a single or double quote can I reproduce.

#18 @ericlewis
10 years ago

  • Summary changed from Uploading File with Apostrophe in filename to Can't upload a file ending in an apostrophe
Last edited 10 years ago by ericlewis (previous) (diff)

#19 @SergeyBiryukov
10 years ago

#28384 was marked as a duplicate.

#20 @SergeyBiryukov
10 years ago

  • Summary changed from Can't upload a file ending in an apostrophe to Can't upload a file with an apostrophe in name

Looks like this happens with an apostrophe in the middle of the filename too.

#21 in reply to: ↑ description @harpercl
10 years ago

Just had this happen to me in 4.0. Apostrophe in the middle of the filename. async-upload.php returned 404 when uploading.

#22 @kpdesign
10 years ago

#30253 was marked as a duplicate.

#23 @juiceboxint
10 years ago

I just came across this issue in WP 4.0, PHP 5.4.34, magic_quotes_gpc = off. The file was a PDF and the apostrophe was in the middle of the filename.

This ticket was mentioned in Slack in #core by bobbingwide. View the logs.


10 years ago

#25 @bobbingwide
10 years ago

Just want to point out the following:

  1. Windows doesn't allow file names with the following characters \ / : * ? " < > |
  2. It would appear that the PHP problem has been fixed
  3. Also that the magic_quotes_gpc workaround won't apply with PHP 5.4 and above.

The new workaround would be to upgrade to PHP 5.5 or higher...

I believe this is inline with the vision.

Shouldn't this be changed to wontfix?

#26 @wonderboymusic
10 years ago

#30853 was marked as a duplicate.

#27 @interfaSys
10 years ago

To the people still experiencing this issue. Make sure you check your mod_security (or any other IDS) logs. Because of the apostrophe, the system may think you're uploading malicious code.

#28 @demaier
9 years ago

This still happens running WordPress 4.4.2, PHP 5.6.10 in Windows Server. Any workaround so far? Thanks!

#29 @sfoxe
9 years ago

So far the easiest solution appears to be encouraging users to abandon all punctuation.

  • credit to John Twyman for his humour pull request and correction.
Last edited 9 years ago by sfoxe (previous) (diff)

#30 @Ipstenu
9 years ago

Filenames, for maximum cross-compatibility, shouldn't include punctuation anyway.

The best we may be able to do is, in order to force all the flavors of PHP/HHVM/OS to play nice, strip all punctuation like we do with post titles.

#31 @SergeyBiryukov
7 years ago

#41693 was marked as a duplicate.

This ticket was mentioned in Slack in #core-media by antpb. View the logs.


4 years ago

#33 @antpb
4 years ago

  • Keywords close added
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from reopened to closed

It looks as if this issue has resolved over time. I have tested uploading an image named anthony'simage' in the year 2021 on 5.6 latest and all seems good. @joedolson has also tested images with characters in the filename with success.

Going to close this now as it seems even on the PHP side edge cases this is solved. Feel free to reopen if necessary.

Note: See TracTickets for help on using tickets.