WordPress.org

Make WordPress Core

Opened 2 years ago

Last modified 5 weeks ago

#22694 reopened defect (bug)

Can't upload a file with an apostrophe in name

Reported by: ianatkins Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.4.2
Component: Media Keywords:
Focuses: Cc:

Description

When uploading a file with an apostrophe in the filename wordpress returns a 'HTTP Error' message.

I have replicated this on two separate installs of wordpress, on different LAMP hosting environments.

The filename used for testing was Trend_Forecaster's_Handbook_1.jpg

Change History (26)

comment:1 @dd322 years ago

#22695 was marked as a duplicate.

comment:2 follow-up: @pavelevap2 years ago

Tested in trunk and file is uploaded, but name is crippled: "s_Handbook_1.jpg"

comment:3 in reply to: ↑ 2 @SergeyBiryukov2 years ago

Replying to pavelevap:

Tested in trunk and file is uploaded, but name is crippled: "s_Handbook_1.jpg"

Confirmed. Not a new bug though, tested 2.0.11 and it's the same there.

This is what $_FILES looks like:

Array
(
    [async-upload] => Array
        (
            [name] => s_Handbook_1.jpg
            [type] => image/jpeg
            [tmp_name] => S:\tmp\phpCB2.tmp
            [error] => 0
            [size] => 16658
        )

)

Appears to be a PHP bug: https://bugs.php.net/bug.php?id=31398

comment:4 @SergeyBiryukov2 years ago

The workaround is to disable magic_quotes_gpc.

comment:5 @ianatkins2 years ago

Thanks for investigating Sergey. Is it possible to catch this earlier and throw a more useful error message to the end user?

comment:6 @iseulde20 months ago

  • Resolution set to worksforme
  • Status changed from new to closed

Works in new media uploader.

comment:7 @helen20 months ago

  • Milestone Awaiting Review deleted

comment:8 in reply to: ↑ description @sfoxe14 months ago

  • Resolution worksforme deleted
  • Status changed from closed to reopened

I just encountered this bug using Wordpress 3.8.1, and uploading a file with an apostrophe in the filename. Removing the apostrophe allowed the file to be uploaded.

Has this bug crept back into the codebase somehow??

Replying to ianatkins:

When uploading a file with an apostrophe in the filename wordpress returns a 'HTTP Error' message.

I have replicated this on two separate installs of wordpress, on different LAMP hosting environments.

The filename used for testing was Trend_Forecaster's_Handbook_1.jpg

comment:9 @Ipstenu14 months ago

I can duplicate this one, ran into it on a clean 3.8.1 with very little else :(

magic_quotes_gpc is off (verified it). PHP 5.4.24

comment:10 @UmeshSingla13 months ago

With PHP 5.5.8-3 and Wordpress 3.8.1, I never get that issue, while uploading file to media library. Filename is proper with ' being removed from it. Also there is no 'magic_quotes_gpc()' after PHP 5.4
ref: http://in1.php.net/get_magic_quotes_gpc

Last edited 13 months ago by UmeshSingla (previous) (diff)

comment:11 @SergeyBiryukov13 months ago

  • Milestone set to Awaiting Review

I can still reproduce the truncated filename from comment:3 in PHP 5.2.17 and PHP 5.3.28 with magic_quotes_gpc on, but not in PHP 5.4.26. Not sure if we can do anything here.

I could not reproduce the "HTTP error" message though.

comment:12 @jamesmehorter11 months ago

I can also confirm this issue while using WP 3.9 and PHP 5.3.27 with magic_quotes_gpc disabled. Uploading a file with a single-quote in the filename results in 'HTTP Error'. Simply removing the quote corrects the issue.

I personally don't need the quote in the filename if WP could somehow remove it.

comment:13 @jana@…11 months ago

How difficult would it be to make the error read "remove apostrophe from file name and reload"? (No snark intended; honest question.)

comment:14 @Ipstenu11 months ago

I still get the httpd error message with PHP 5.4.x and 3.9

Even just a flag "Invalid Filename" would be friendlier.

comment:15 follow-up: @ericlewis10 months ago

@ipsentu can you provide clear steps to reproduce the httpd error message?

comment:16 in reply to: ↑ 15 @Ipstenu10 months ago

Replying to ericlewis:

@ipsentu can you provide clear steps to reproduce the httpd error message?

1) Create a file with a non a-z/0-9 character in it's name (example: Thisain'tsparta.jpg)

2) Upload the image via any method (in post, drag and drop, select to upload)

3) Get error.

It really is that simple.

comment:17 @ericlewis10 months ago

Ah, finally reproduced, thanks @Ipstenu.

If the single or double quote is inside the filename, it makes it through. Only if the string ends in a single or double quote can I reproduce.

comment:18 @ericlewis10 months ago

  • Summary changed from Uploading File with Apostrophe in filename to Can't upload a file ending in an apostrophe
Last edited 10 months ago by ericlewis (previous) (diff)

comment:19 @SergeyBiryukov10 months ago

#28384 was marked as a duplicate.

comment:20 @SergeyBiryukov10 months ago

  • Summary changed from Can't upload a file ending in an apostrophe to Can't upload a file with an apostrophe in name

Looks like this happens with an apostrophe in the middle of the filename too.

comment:21 in reply to: ↑ description @harpercl5 months ago

Just had this happen to me in 4.0. Apostrophe in the middle of the filename. async-upload.php returned 404 when uploading.

comment:22 @kpdesign5 months ago

#30253 was marked as a duplicate.

comment:23 @juiceboxint5 months ago

I just came across this issue in WP 4.0, PHP 5.4.34, magic_quotes_gpc = off. The file was a PDF and the apostrophe was in the middle of the filename.

comment:24 @slackbot4 months ago

This ticket was mentioned in Slack in #core by bobbingwide. View the logs.

comment:25 @bobbingwide4 months ago

Just want to point out the following:

  1. Windows doesn't allow file names with the following characters \ / : * ? " < > |
  2. It would appear that the PHP problem has been fixed
  3. Also that the magic_quotes_gpc workaround won't apply with PHP 5.4 and above.

The new workaround would be to upgrade to PHP 5.5 or higher...

I believe this is inline with the vision.

Shouldn't this be changed to wontfix?

comment:26 @wonderboymusic5 weeks ago

#30853 was marked as a duplicate.

Note: See TracTickets for help on using tickets.