Print

[FuguTabetai]

Hello,

  I'm running coppermine version 1.2.1 (upgraded from 1.1) and ran into a problem trying to Batch Upload files.  The problem is in searchnew.php, specifically, this line of code:

Code: [Select]


    $dir = str_replace(".","" ,$dir);

(line 284, searchnew.php, in scandir())

I assume this is being done to normalize out the file path, but it prevents using directories that have "." in the file name, such as 2004.04.03_XXX which I often use.  This wasn't a problem in coppermine 1.1.  I commented out the line in my version, so things work fine now, but I am curious what the intent was?  Worried about remote exploits based on file name strangeness?  

I'm keeping mine commented out for now.  Thanks for all the good work.  Cheers,

fugu

[Joachim Müller]

there are issues with folder names with a dot on lunix systems. Since only the gallery admin is supposed to create folders, this shouldn't be a problem. It's recommended to leave the dot checking in the code (undo your modifications!) and stop using dots in folder names (in fact leading dots actually cause problems, but we thought to steer out of harm's way).

GauGau

[FuguTabetai]

In that case, you really should return a better error message.  Something like "Dots are not allowed in folder names."

I don't really like that the recommendation is to unilaterally remove dots from folder names, but thanks for answering.