forum.coppermine-gallery.net
Support => cpg1.4.x Support => Older/other versions => cpg1.4 modpack by Stramm => Topic started by: bitcloud on April 23, 2007, 11:30:49 am
-
Hi again..
Another bug here... this time in avatar_manage.php.
If you select a previously uploaded file which contains a "]" (other characters seem to be ok to the best of my testing) the filename will break at that point.
ie a filename called "beach[sunrise].jpg" will display fine everywhere including the avatar manage, but as soon as you set it to your avatar you end up with avatar_manage.php, profile.php and comments (everywhere the avatar shows up) it tries to display a chopped filename - "beach"
It removes everything after (and including) the close square bracket from the avatar filename entry...
my users tend to use square brackets in their filenames, so if you can think of any way around this, that'd be muchly appreciated!
you can see this in action here:
http://stramm.st.funpic.org/profile.php?uid=127
-
known problem, you reported that some time back
http://forum.coppermine-gallery.net/index.php?topic=42658.0
Problem isn't sanitizing. It's how the input tag and its attributes work. the ] ends the name attribute, and that one is used to pass the filename. For example
<input type="checkbox" id="checkall" name="list[samplefile[No1].jpg]" value="123" />
so we just encode the name and all's good
in avatar_manage.php find
$filename=$CONFIG['mini_pfx'].$i['filename'];and replace with
$filename=$CONFIG['mini_pfx'].urlencode($i['filename']);
-
Thanks.. thats fixed it
I think the other problem is independent of this bug. It seems to be a problem with the main code... for now i've just avoided uploading from URL's
-
I do not have any problems with uploading images containing square brackets for use as avatars - the avatar manage renames them to user_1000+uid_avatar.jpg as it should be