[wp-trac] [WordPress Trac] #22363: Accents in attachment filenames should be sanitized

WordPress Trac noreply at wordpress.org
Fri Jan 25 20:58:43 UTC 2013


#22363: Accents in attachment filenames should be sanitized
--------------------------+------------------
 Reporter:  tar.gz        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.6
Component:  Upload        |     Version:  3.4
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+------------------

Comment (by tar.gz):

 Some more information after further research:

 - The same issue obviously appears for any type of attachment, such as a
 PDF that would be linked from within a post. In Safari, linking to a PDF
 file with diacritics will lead to the 404 page.

 - On WordPress.com, a solution has been implemented: when uploading the
 "moiré-pättern.png" file from above, it gets renamed into
 "mc3b8irecc81-pacc88ttern.png". So there is some sanitization in place,
 which is lacking in WordPress.org. And it works in OSX.

 Here are two more links from support forums, showing how this issue
 affects users around the world:
 - https://discussions.apple.com/thread/4381117 (has some good info!)
 - http://wordpress.org/support/topic/uploaded-image-with-accents-in-name-image-dont-show-in-safari-6?replies=5

 All this testing actually leads me to think that I should open another
 ticket, not about ''renaming'' the files, but about generating ''URL-
 encoded links'' when embedding files into a post (or generating galleries
 with the shortcode). According to
 [http://tools.ietf.org/html/rfc3986#page-16 RFC 3986] (URI Generic
 Syntax), accented characters should be percent-encoded. I guess the simple
 solution would be to cleanse those filenames with the
 [http://php.net/rawurlencode rawurlencode()] PHP function when generating
 the link.

 With that strategy, we would have a pretty good fix, even without touching
 the upload / file renaming process.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/22363#comment:16>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
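
Added example (not part of the ticket or of WordPress core): a PHP sketch of the percent-encoding approach proposed in the comment above, applying rawurlencode() to each path segment when the link is generated. The base URL, the helper function names and the sample filenames are hypothetical and constructed for illustration.

```php
<?php
// Added example; requires PHP 7.0+ for the "\u{...}" string escapes.

/**
 * Percent-encode every segment of a relative upload path (RFC 3986),
 * leaving the "/" separators intact so the directory structure survives.
 * Pass the raw stored name only: an already-encoded name would have its
 * "%" characters encoded a second time.
 */
function encode_upload_path(string $relative_path): string
{
    $segments = explode('/', $relative_path);
    return implode('/', array_map('rawurlencode', $segments));
}

/** Build the public URL for a file stored under the uploads directory. */
function attachment_url(string $base_url, string $relative_path): string
{
    return rtrim($base_url, '/') . '/' . encode_upload_path(ltrim($relative_path, '/'));
}

$base = 'http://example.org/wp-content/uploads'; // hypothetical site

// The same visible filename in two Unicode forms (constructed samples).
// Precomposed characters (NFC): U+00E9 and U+00E4.
$nfc = "2013/01/moir\u{00E9}-p\u{00E4}ttern.png";
// Decomposed characters (NFD): base letter followed by a combining mark.
$nfd = "2013/01/moire\u{0301}-pa\u{0308}ttern.png";

$url_nfc = attachment_url($base, $nfc);
$url_nfd = attachment_url($base, $nfd);

echo $url_nfc, "\n";
echo $url_nfd, "\n";

// The two forms are different byte sequences, so they encode to different
// URLs. The link has to be built from the exact name stored on disk.
echo ($url_nfc === $url_nfd) ? "same URL\n" : "different URLs\n";
```

The output is pure ASCII in both cases, which removes the browser's own handling of raw accented bytes from the picture; the encoded bytes must still match the name on disk for the request to resolve.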

