[wp-trac] [WordPress Trac] #16330: media_sideload_image() broken with filenames containing strange characters (e.g., +, %) (was: media_sideload_image() broken with URLs containing spaces)

Fri Nov 11 20:10:55 UTC 2011

#16330: media_sideload_image() broken with filenames containing strange characters
(e.g., +, %)
--------------------------+------------------------------
 Reporter:  Coolkevman    |       Owner:
     Type:  defect (bug)  |      Status:  reopened
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Media         |     Version:  3.2.1
 Severity:  major         |  Resolution:
 Keywords:  needs-patch   |
--------------------------+------------------------------
Changes (by Azuaron):

 * keywords:  has-patch => needs-patch
 * version:  3.1 => 3.2.1
 * component:  HTTP => Media
 * severity:  normal => major

Comment:

 From what I can tell, WP has no problem sideloading images with strange (%
 +) characters, but has a problem serving an image with a strange character
 that has been sideloaded. I believe the easiest fix would be to add a
 couple additional lines at line 467 of wp-admin/includes/file.php

 {{{
 #!php
 465 $filename = str_replace('?','-', $filename);
 466 $filename = str_replace('&','-', $filename);
 467 $filename = str_replace('%','-', $filename); //New line
 468 $filename = str_replace('+','-', $filename); //New line
 }}}

 A more complete solution would be to use preg_replace to remove all non-
 approved characters from the filename instead of using str_replace:

 {{{
 #!php
 465 //Remove line: $filename = str_replace('?','-', $filename);
 466 //Remove line: $filename = str_replace('&','-', $filename);
 467 $filename = preg_replace("/[^a-zA-Z0-9_-]/", '-', $filename); //New
 line
 }}}

 This should ensure the file, once saved, has a filename with only
 compatible characters.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16330#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software