WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#5587 closed defect (bug) (fixed)

Some attached files with non-ASCII names are unlinkable

Reported by: filosofo Owned by: ryan
Milestone: 2.5.1 Priority: normal
Severity: normal Version: 2.3.2
Component: General Keywords: has-patch attachment utf urlencode wp_unique_filename sanitize_title_with_dashes
Focuses: Cc:

Description

This will be tough to reproduce in current trunk while the inline uploader is missing, but you can see it happen in 2.3.2.

  1. Upload a file named WordPress › Error.jpg
  2. wp_unique_filename, calling sanitize_title_with_dashes, which in turn calls utf8_uri_encode, changes the filename and its url to wordpress-%e2%80%ba-error.jpg
  3. When WordPress links to this file as an attachment, it breaks the link. That's because the server sees the encoded text %e2%80%ba, and converting it back, thinks you're requesting wordpress-›-error.jpg, a file that doesn't exist. To be served a file named wordpress-%e2%80%ba-error.jpg, one would have to request instead wordpress-%25e2%2580%25ba-error.jpg

My patch strips out the percentage character (%) in wp_unique_filename, so that this confusion is avoided. It seems somewhat like a hack, so perhaps someone else can think of a better solution.

Attachments (1)

sanitize_fix.diff (522 bytes) - added by filosofo 7 years ago.

Download all attachments as: .zip

Change History (9)

@filosofo7 years ago

comment:1 @filosofo7 years ago

  • Keywords has-patch added

comment:2 @filosofo7 years ago

duplicated in #5826

comment:3 @ryan7 years ago

  • Owner changed from anonymous to ryan

comment:4 @hakre7 years ago

  • Milestone changed from 2.6 to 2.5.1
  • Resolution set to fixed
  • Status changed from new to closed

It would be great to see this inside the next revision (2.5.1). In the support forums many users report errors with the new uploader and this reduce some of them. I just checked against version 2.5 and 2.6 bleeding and the error is still in. This patch would at least fix the problem. Therefore some naming information from the filename is ok to loose.

comment:5 @hakre7 years ago

Additionally, a comment should be put inside the sourcecode to reference this ticket.

comment:6 @filosofo7 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:7 @ryan7 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [7630]) Strip percent signs when sanitizing filenames so the server doesn't try to decode entities. Props filosofo. fixes #5587 for 2.5

comment:8 @ryan7 years ago

(In [7631]) Strip percent signs when sanitizing filenames so the server doesn't try to decode entities. Props filosofo. fixes #5587 for trunk

Note: See TracTickets for help on using tickets.