[wp-trac] [WordPress Trac] #16330: media_sideload_image() broken with filenames containing strange characters (e.g., +, %)
WordPress Trac
wp-trac at lists.automattic.com
Thu Jul 12 18:35:33 UTC 2012
#16330: media_sideload_image() broken with filenames containing strange characters
(e.g., +, %)
-------------------------------------------------+-------------------------
Reporter: Coolkevman | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Future
Component: Media | Release
Severity: major | Version: 3.1
Keywords: has-patch needs-testing 3.5-early | Resolution:
needs-unit-tests |
-------------------------------------------------+-------------------------
Changes (by krembo99):
* cc: krembo99 (added)
Comment:
http://core.trac.wordpress.org/ticket/16226
The problem is not only in media_sideload_image() but in every upload. it
begins and ends with the sanitize_file_name() , which is not as extensive
as it should be .
It will also create another problem with files that have dots ( "." )
inside the filename (example : file.name.3.4.dif.old.jpg)
In that case , and depending on other characters in the name , it will
trim the extension.
The following code resolves 90% of the problems on my tests.
{{{
add_filter('sanitize_file_name', 'k99_sanitize_file_name', 1);
function k99_sanitize_file_name($filename){
$filename = preg_replace(
'/[^a-z0-9_.\-]/','-',$filename);
//I used Preg_replace . but maybe the whole
function should go to filters ... example :
// $filename =
preg_replace('/[^a-zA-Z0-9._-]/','',$filename);
// $filename = filter_var($filename,
FILTER_SANITIZE_EMAIL);
// $filename=
sanitize_title_with_dashes($filename);
//$filename = filter_var($filename ,
FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);
//$filename = filter_var($filename ,
FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
// important in some countries !
$filename = strtr($filename,
'ŠŽšžŸÀÁÂÃÄÅÇÈÉÊËÌÍÎÏÑÒÓÔÕÖØÙÚÛÜÝàáâãäåçèéêëìíîïñòóôõöøùúûüýÿÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïñòóôõöøùúûüýÿĀāĂ㥹ĆćĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJijĴĵĶķĹĺĻļĽľĿŀŁłŃńŅņŇňʼnŌōŎŏŐőŒœŔŕŖŗŘřŚśŜŝŞşŠšŢţŤťŦŧŨũŪūŬŭŮůŰűŲųŴŵŶŷŸŹźŻżŽžſƒƠơƯưǍǎǏǐǑǒǓǔǕǖǗǘǙǚǛǜǺǻǼǽǾǿ',
'SZszYAAAAAACEEEEIIIINOOOOOOUUUUYaaaaaaceeeeiiiinoooooouuuuyyAAAAAAAECEEEEIIIIDNOOOOOOUUUUYsaaaaaaaeceeeeiiiinoooooouuuuyyAaAaAaCcCcCcCcDdDdEeEeEeEeEeGgGgGgGgHhHhIiIiIiIiIiIJijJjKkLlLlLlLlllNnNnNnnOoOoOoOEoeRrRrRrSsSsSsSsTtTtTtUuUuUuUuUuUuWwYyYZzZzZzsfOoUuAaIiOoUuUuUuUuUuAaAEaeOo');
$filename = strtr($filename, array('Þ' => 'TH',
'þ' => 'th', 'Ð' => 'DH', 'ð' => 'dh', 'ß' => 'ss', 'Œ' => 'OE', 'œ' =>
'oe', 'Æ' => 'AE', 'æ' => 'ae', 'µ' => 'u'));
$filename = $filename ;
return $filename;
}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16330#comment:22>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list