[wp-trac] [WordPress Trac] #22813: Media Uploader doesn't escape "+" in filenames and doesn't upload file

WordPress Trac noreply at wordpress.org
Thu Aug 15 07:07:19 UTC 2013


#22813: Media Uploader doesn't escape "+" in filenames and doesn't upload file
----------------------------------------+------------------------------
 Reporter:  devinreams                  |       Owner:
     Type:  defect (bug)                |      Status:  new
 Priority:  normal                      |   Milestone:  Awaiting Review
Component:  Media                       |     Version:  3.4.2
 Severity:  normal                      |  Resolution:
 Keywords:  has-patch needs-unit-tests  |
----------------------------------------+------------------------------

Comment (by nacin):

 Replying to [comment:15 jamescollins]:
 > 2. In ms-files.php, use {{{urlencode( $_GET[ 'file' ] )}}} instead of
 > {{{$_GET[ 'file' ]}}} on
 > [http://core.trac.wordpress.org/browser/trunk/src/wp-includes/ms-files.php#L26 line 26].

 Perhaps it is just a matter of replacing ' ' with '+'? Beyond spaces, it
 seems odd to be allowing possible url-encoded values in filenames, but
 spaces seem like something we should be able to handle. Especially since
 it is A) very common for spaces to be in filenames created by most
 computer users, and B) it only breaks when using functionality many of us
 never wished existed and since retired for new networks (ms-files).

 > If you know of a way we could write unit tests for any (or all) of this,
 > then I'd love to know.

 Oh, I was only referring to updating the existing unit tests for
 sanitize_file_name(). Sorry for the confusion.

 > Interestingly, I just tried uploading a file called {{{wordpress logo
 > test file which contains a + character.png}}} to wordpress.com, and it was
 > renamed to {{{wordpress-logo-test-file-which-contains-a-character.png}}}
 > (ie the {{{+}}} character was removed).

 I guess we could ask them if they are using the sanitize_file_name_chars
 filter to add in others, or doing some other kind of en/decoding or
 sanitization.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/22813#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
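
An added illustration, not code from the ticket, its patch or WordPress core: it reproduces the query-string decoding that turns a literal "+" into a space in `$_GET['file']`, then prints what each of the two suggestions in the thread returns for that value. The sample query strings and the helper name `decoded_file_param()` are constructed for this example.

```php
<?php
// Added illustration; not code from ms-files.php or the ticket's patch.
// Constructed sample query strings: one with a literal "+", one with a
// percent-encoded "+" (%2B).
$samples = array(
    'file=2013/08/logo+test.png',
    'file=2013/08/logo%2Btest.png',
);

// Hypothetical helper: returns what PHP would place in $_GET['file'] for the
// given query string. parse_str() applies the same form decoding as $_GET.
function decoded_file_param( $query_string ) {
    parse_str( $query_string, $params );
    return $params['file'];
}

foreach ( $samples as $query_string ) {
    $file = decoded_file_param( $query_string );

    printf( "query string   : %s\n", $query_string );
    printf( "\$_GET['file']  : %s\n", $file );
    // Suggestion quoted from comment 15: re-encode the decoded value.
    printf( "urlencode()    : %s\n", urlencode( $file ) );
    // Suggestion from this comment: only map spaces back to "+".
    printf( "' ' => '+'     : %s\n\n", str_replace( ' ', '+', $file ) );
}
```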

