Opened 3 years ago
Last modified 16 months ago
#54190 new defect (bug)
sanitize_file_name disallows acute accents and left smart apostrophe
Reported by: | jdorner | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.5 |
Component: | Media | Keywords: | dev-feedback needs-testing-info |
Focuses: | Cc: |
Description (last modified by )
The following change to line 1991 of wp-includes/formatting.php will disallow acute accents and left smart apostrophe in file names
$special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '´', '!', '{', '}', '%', '+', 'ʻ','’', '«', '»', '”', '“', chr( 0 ) );
Attachments (1)
Change History (22)
#2
@
3 years ago
- Component changed from General to Media
- Summary changed from sanitize_file_name allows acute accents and left smart apostrophe to sanitize_file_name disallows acute accents and left smart apostrophe
- Version changed from 5.8.1 to 5.5
This ticket was mentioned in Slack in #core-test by hellofromtonya. View the logs.
3 years ago
#4
@
3 years ago
- Keywords dev-feedback added
Thanks for opening the ticket @jdorner.
I think we might need some additional information from the media team about the policy for filenames.
Adding a keyword and pinging a component maintainer.
cc @mikeschroder
#5
@
3 years ago
- Keywords reporter-feedback needs-testing-info added
@jdorner Can you please provide a use case or step-by-step instructions on how to reproduce the issue?
Thanks
#7
@
3 years ago
Post-processing of the image failed likely because the server is busy or does not have enough resources. Uploading a smaller image may help. Suggested maximum size is 2500 pixels.
Is the message that shows in the media library if an image is being uploaded that contains an apostrophe in the file name.
This ticket was mentioned in Slack in #core-media by antpb. View the logs.
23 months ago
#9
@
23 months ago
- Milestone changed from Awaiting Review to 6.3
Moving to 6.3 to investigate if this is still valid and what needs to happen.
This ticket was mentioned in Slack in #core-media by antpb. View the logs.
19 months ago
This ticket was mentioned in Slack in #core by mukeshpanchal27. View the logs.
19 months ago
#12
@
19 months ago
- Milestone changed from 6.3 to 6.4
This ticket was discussed during bug scrub.
@antpb Have you investigated the issue? lack of details moving to 6.4
Additional props to @oglekler
#13
@
19 months ago
Am I missing something? I can upload any file (.txt, .png) having the name "test´filename"
This ticket was mentioned in Slack in #core-media by antpb. View the logs.
17 months ago
#15
@
17 months ago
Hi @jdorner ! Thanks so much for this report. There have been two confirmed instances of folks able to upload the test file. Any chance you can reproduce it still? If fixed let us know and we'll close this ticket out. Thanks again!
#16
@
17 months ago
- Keywords reporter-feedback removed
I can upload the file.
It appears that sanitize_file_name is working correctly now - so I believe this issue is resolved.
However, when uploading a file with a left smart apostrophe the file is stored as: "test´filename.txt". The character is not getting removed.
Is the filename not sanitized using sanitize_file_name before saving?
Thanks!
#17
@
17 months ago
sanitize_file_name()
claims:
"not to guarantee that this function will return a filename that is allowed to be uploaded."
So it is not complete 'by design'.
But let's think about adding some more chars like in:
$special_chars = array(
'?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$',
'#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»',
'”', '“', chr( 0 ), '´', '^', '@', '%', '&', '*', '+', '=', '|', '{', '}',
'(', ')', '[', ']', '<', '>', ',', ':', ';', '"', '\'', '~', '`', '#', '$',
'£', '€', '¥', '¦', '§', '¨', '©', 'ª', '¬', '®', '¯', '°', '±', '²', '³',
'µ', '¶', '·', '¸', '¹', 'º', '¼', '½', '¾', '¿', '×', '÷'
);
#18
@
16 months ago
@antpb RC1 for 6.4 is in ~2 weeks so I'm checking up on tickets in the milestone. What do you think about this ticket?
Should we add more characters to sanitize_file_name()
as suggested in #comment:17? Should we do more testing to make sure the original issue is definitely resolved?
This ticket was mentioned in Slack in #core-media by antpb. View the logs.
16 months ago
#20
@
16 months ago
- Milestone changed from 6.4 to Awaiting Review
Hi @Presskopp ! Thanks for the suggestion there, I want to close this issue to keep it focused on the reported problem as this is slated for 6.4 but with the initial reported issue being resolved I'd like to clos or rename and write a new description for to include the ones you mentioned in your comment.
Which of those characters are new and would be added? Moving to Awaiting Review to keep the milestone true.
#21
@
16 months ago
Hi @antpb , I'm not sure if I get you right. This is the function as of today:
$special_chars = array( '?', '[', ']', '/', '\\', '=', '<', '>', ':', ';', ',', "'", '"', '&', '$', '#', '*', '(', ')', '|', '~', '`', '!', '{', '}', '%', '+', '’', '«', '»', '”', '“', chr( 0 ) );
and I just added
'´', '^', '@', '%', '&', '*', '+', '=', '|', '{', '}','(', ')', '[', ']', '<', '>', ',', ':', ';','"', '\'', '~', '`', '#', '$','£', '€', '¥', '¦', '§', '¨', '©', 'ª', '¬', '®', '¯', '°', '±', '²', '³','µ', '¶', '·', '¸', '¹', 'º', '¼', '½', '¾', '¿', '×', '÷'
But I don't claim that addition to be complete.
After further review, should all extended ASCII codes (character code 128-255) be excluded or are these valid in a URL?