[wp-trac] Re: [WordPress Trac] #9416: Better file name sanitization for wp_unique_filename

WordPress Trac wp-trac at lists.automattic.com
Tue Apr 21 00:40:26 GMT 2009


#9416: Better file name sanitization for wp_unique_filename
-------------------------+--------------------------------------------------
 Reporter:  sivel        |       Owner:  sivel      
     Type:  enhancement  |      Status:  assigned   
 Priority:  normal       |   Milestone:  2.8        
Component:  Upload       |     Version:  2.7.1      
 Severity:  normal       |    Keywords:  needs-patch
-------------------------+--------------------------------------------------

Comment(by DD32):

 While Files will be created properly no matter what the characters (As
 long as they're valid on the system), The filename could potentially
 contain items which need to be escaped to be manipulated.

 Its a pain to have to work out the escape sequence on *unix sometimes for
 files.. (i've reverted to rm foo*.ext before)

 Also, many filesystems treat files differently as mentioned.. The current
 sanitization is pretty good from what i've seen, However, taking a
 cautious road could prevent issues in the future.. even if only just for 1
 person...

 Maybe a list of border-line cases which can occur with the current code
 would be useful? To explain the need for the changes to be made in the
 first place. (ie. outline the cases where the current sanitization fails)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9416#comment:17>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list