Issue information
-
#035282
-
Fixed
-
2.5.0
-
2.5.1
-
1 - Low
Issue Confirmations
-
Yes (0)No (0)
0
1.Upload file with name uploads.rar.
2.look in monthly.../ directory - saved as xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-.ipb, not as xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-uploads.ipb
Fix: add dot (\.) in preg_replace (files.php - _doUpload)
$_upload->out_file_name = md5( uniqid( microtime(), true ) ) . '-' . str_replace( array( " ", "\n", "\r", "\t" ), '_', $this->registry->getClass('idmFunctions')->getFileName( preg_replace( "/[^a-zA-Z0-9\.]/", '-', $_FILES['FILE_UPLOAD']['name'] ) ) );
But you have again forgotten that in the world there are other languages, not only English and names of files can be, for example, in Russian, files save as
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-------------------------------------------------.ipb
2.look in monthly.../ directory - saved as xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-.ipb, not as xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-uploads.ipb
Fix: add dot (\.) in preg_replace (files.php - _doUpload)
$_upload->out_file_name = md5( uniqid( microtime(), true ) ) . '-' . str_replace( array( " ", "\n", "\r", "\t" ), '_', $this->registry->getClass('idmFunctions')->getFileName( preg_replace( "/[^a-zA-Z0-9\.]/", '-', $_FILES['FILE_UPLOAD']['name'] ) ) );
But you have again forgotten that in the world there are other languages, not only English and names of files can be, for example, in Russian, files save as
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-------------------------------------------------.ipb
The *only* reason we preserve the filename at all in the uploads directory is to make it a tiny bit simpler if you are manually browsing the folder via FTP to identify what file is what. It really does not matter one bit if the filename is "xyz.ipb" or "abc.ipb", so I won't make drastic changes to account for other languages.
Contrary to your statement, we did not "forget" that there are other languages - it is simply irrelevant in this case. We originally used md5 hashes solely and decided to retain a resemblance of the file name in case someone was trying to look at the folder via FTP as a nicety, not because it matters to the software at all.
I will check into the regex change you suggested, however I have not noticed any problems akin to the one you are describing. If what you are saying is true, every single file would have no name in it (just "hash-.ipb"), and I know for a fact this is not the case on our servers at least.
Contrary to your statement, we did not "forget" that there are other languages - it is simply irrelevant in this case. We originally used md5 hashes solely and decided to retain a resemblance of the file name in case someone was trying to look at the folder via FTP as a nicety, not because it matters to the software at all.
I will check into the regex change you suggested, however I have not noticed any problems akin to the one you are describing. If what you are saying is true, every single file would have no name in it (just "hash-.ipb"), and I know for a fact this is not the case on our servers at least.
For example, we have name uploads.zip, ok?
before preg - uploads.rar
after preg - uploads-rar
Next look at getFileName()
it's return empty string, coz dot not found in file name for strrpos.
before preg - uploads.rar
after preg - uploads-rar
Next look at getFileName()
return strtolower( str_replace( ".", "", substr( $file, 0, (strrpos( $file, '.' )) ) ) );
it's return empty string, coz dot not found in file name for strrpos.
Ok, the regex I am using now is "/[^\w\.]/"
This has already been implemented elsewhere, but a few locations were missed apparently.
This has already been implemented elsewhere, but a few locations were missed apparently.
1 user(s) are reading this issue
0 members, 1 guests, 0 anonymous users
