Make WordPress Core

Opened 10 years ago

Last modified 6 years ago

#30495 new defect (bug)

Unicode character U+000B is not removed by sanitize_file_name

Reported by: Craxic
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.0.1
Component: Formatting
Keywords: has-patch has-unit-tests
Focuses:
Cc:

Description

It seems that the following expression is true:

json_encode(sanitize_file_name(json_decode('"\u000B"'))) == "\u000b"

On Google App Engine, for example, a file name with a U+000B character cannot be saved.

Since the description of the function states:

Removes special characters that are illegal in filenames on certain
operating systems and special characters requiring special escaping
to manipulate at the command line.

... then I think this is a bug.

Thanks!

Attachments (1)

line-tabulation-sanitization.30495.diff (1.7 KB) - added by sanchothefat 9 years ago.
Adds a step to remove all control characters in the 1-31 then mops up white space. Has unit test.


Change History (6)

This ticket was mentioned in Slack in #core by jorbin.


9 years ago

#2 @jorbin
9 years ago

  • Component changed from Filesystem API to Formatting
  • Keywords needs-patch needs-unit-tests added

There might be a benefit in a check inside sanitize_file_name to remove everything that matches [:space:]. This is going to need both unit tests and a patch to move forward.

@sanchothefat
9 years ago

Adds a step to remove all control characters in the 1-31 then mops up white space. Has unit test.
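
The two approaches raised in this ticket, side by side, as an added example (not WordPress core code and not the attached patch): removing only `[:space:]` matches versus removing control characters 1-31 first. The function names, the sample file names, and the reading of "mops up white space" as collapsing spaces into a dash are assumptions made for the illustration.

```php
<?php
// Added illustration: not WordPress core code and not the attached patch.
// Function names and sample file names are constructed for this example.

// Suggestion from comment #2: remove everything matching POSIX [:space:].
function strip_posix_space(string $name): string {
    return preg_replace('/[[:space:]]+/', '', $name);
}

// Attachment description: remove control characters 1-31, then mop up white space.
// Assumption: "mop up" means trimming and collapsing runs of spaces into one dash.
function strip_controls_then_space(string $name): string {
    $name = preg_replace('/[\x01-\x1F]+/', '', $name);
    return preg_replace('/ +/', '-', trim($name, ' '));
}

// List the code points below U+0020 that are still present in a name.
function remaining_controls(string $name): array {
    preg_match_all('/[\x00-\x1F]/', $name, $m);
    return array_map(fn($c) => sprintf('U+%04X', ord($c)), $m[0]);
}

$samples = [
    "report\x0Bfinal.txt",   // line tabulation, the character in this ticket
    "notes\x1B[31m.txt",     // escape, a control character outside [:space:]
    "my file\t2.txt",        // space and horizontal tab
];

foreach ($samples as $raw) {
    $a = strip_posix_space($raw);
    $b = strip_controls_then_space($raw);
    // json_encode makes surviving control characters visible, as in the report.
    printf(
        "%-28s space-only: %-22s left: %-8s range 1-31: %-20s left: %s\n",
        json_encode($raw),
        json_encode($a),
        implode(',', remaining_controls($a)) ?: 'none',
        json_encode($b),
        implode(',', remaining_controls($b)) ?: 'none'
    );
}
```

Both approaches remove U+000B, but only the range-based one also removes control characters that are not white space, such as U+001B in the second sample.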

#3 @sanchothefat
9 years ago

  • Keywords has-patch has-unit-tests added; needs-patch needs-unit-tests removed

#4 @mgutt
8 years ago

Regarding "then mops up white space" take a look at this changeset:
https://core.trac.wordpress.org/changeset/29715

Last edited 8 years ago by mgutt

This ticket was mentioned in Slack in #core-privacy by desrosj.


6 years ago
