WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#9081 closed defect (bug) (fixed)

Upload Media: "Title" should not be overly sanitized

Reported by: mdawaffe Owned by:
Milestone: 2.8 Priority: normal
Severity: normal Version: 2.7
Component: Upload Keywords: has-patch tested commit
Focuses: Cc:

Description

When I upload an image called "Me and My Dread God of Rocking Chairs.JPG", it gets stored on my webserver as "me-and-my-dread-god-of-rocking-chairs.jpg". This is the correct behavior.

However, the post_title of the attachment is also sent through sanitize_with_dashes(), which is unnecessary.

Expected:
post_title = "Me and My Dread God of Rocking Chairs"

Attachments (3)

9081.patch (822 bytes) - added by hakre 5 years ago.
title should be the name (related to the filename of the upload) and not the newfilename (The one in fs then)
9081.2.patch (828 bytes) - added by hakre 5 years ago.
Fixed Patch
9081.3.patch (817 bytes) - added by hakre 5 years ago.
A trim does not hurt.

Download all attachments as: .zip

Change History (15)

comment:1 ryan5 years ago

  • Component changed from General to Upload
  • Owner anonymous deleted

comment:2 Denis-de-Bernardy5 years ago

  • Keywords needs-patch added; upload media removed

I'm pretty certain there's a dup of this in trac.

hakre5 years ago

title should be the name (related to the filename of the upload) and not the newfilename (The one in fs then)

comment:3 hakre5 years ago

Check against Trunk: Still defect in trunk (/wp-admin/media-new.php)

Found the cause. See patch.

comment:4 hakre5 years ago

  • Keywords has-patch developer-feedback reporter-feedback needs-testing added; needs-patch removed

comment:5 Denis-de-Bernardy5 years ago

  • Keywords needs-patch added; has-patch developer-feedback reporter-feedback needs-testing removed

My Test.jpg gets a title of My Test.jp with the current patch

hakre5 years ago

Fixed Patch

comment:6 hakre5 years ago

  • Keywords has-patch added; needs-patch removed

comment:7 Denis-de-Bernardy5 years ago

Doing my best to break it... :-)

Try:

My friend's \ / "funky" Test.jpg

comment:8 Denis-de-Bernardy5 years ago

(that's a valid file name on a Mac, dunno about Windows)

see also #9416

comment:9 hakre5 years ago

Yeah, you are pushing forward :D. Tested that/similar on sidux, you raised my interest. But that does not break the patch but the $_FILES array. That can not handle \ in filenames at least here on an apache running on win32. You can see that in the filename as well. So nothing to fix about that. And no way to retrieve that data whatsoever.

hakre5 years ago

A trim does not hurt.

comment:10 Denis-de-Bernardy5 years ago

  • Keywords tested commit added

On a Mac, it returns "funky" Test.jpg as a file name. And My Friend's Test.jpg returns My Friend's Test.jpg.

But agreed, / and \ aren't supported by all platforms, so fixed as far as I'm concerned.

comment:11 Denis-de-Bernardy5 years ago

My Friend's Test.jpg returns My Friend's Test, even.

comment:12 ryan5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11198]) Don't over sanitize uploaded file titles. Props hakre. fixes #9081

Note: See TracTickets for help on using tickets.