Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: jpg filenames with '&' don't get edited.  (Read 8783 times)

0 Members and 1 Guest are viewing this topic.

xushi

  • Coppermine newbie
  • Offline Offline
  • Posts: 9
jpg filenames with '&' don't get edited.
« on: July 06, 2005, 11:27:14 am »

Here's another one.

If you have a jpg with & in the file name, like
me & the dog.jpg
It doesn't like it.

- In the "Batch Add File", it displays a "Cant read that file" instead of the actual image. But it does actually edit it from what i see.
http://xushi.co.uk/xushi/sv/andsign.jpg

- In the gallery, when you want to "crop and rotate" the picture , you can't. After modifying (eg, rotate +-90) and preview or saving, it just displays an empty grey screen and doesn't edit/save.
« Last Edit: September 19, 2005, 10:15:39 pm by GauGau »
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: jpg filenames with '&' don't get edited.
« Reply #1 on: July 31, 2005, 03:34:29 pm »

[moderation]
bumping this unresolved thread to the top...
Logged

Nibbler

  • Guest
Re: jpg filenames with '&' don't get edited.
« Reply #2 on: August 01, 2005, 03:31:49 am »

I remember testing this. The problem was with the space character not the ampersand character, but I was unable to determine the cause.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: jpg filenames with '&' don't get edited.
« Reply #3 on: August 15, 2005, 07:13:45 am »

I don't think it's the space char, but (as suggested by xushi) the ampersand, see attached screenshot.
Logged

artistsinhawaii

  • VIP
  • Coppermine addict
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 856
    • evj art and photography
Re: jpg filenames with '&' don't get edited.
« Reply #4 on: August 23, 2005, 11:47:44 am »

just a thought.

In my old programing days of 30 years ago. I vaguely remember that if you confuse varchar with string in the function, '&' is read as a function and not as part of a string.

How does the batch file function read file names?

Dennis
Logged
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: jpg filenames with '&' don't get edited.
« Reply #5 on: September 12, 2005, 06:36:20 am »

*BUMP*
Logged

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: jpg filenames with '&' don't get edited.
« Reply #6 on: September 12, 2005, 09:13:43 am »

& is an illegal character for filenames as filenames are passed around in $_GET.
This was done to prevent possible XSS attacks and this cleanup happens in line 40 of init.inc.php
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: jpg filenames with '&' don't get edited.
« Reply #7 on: September 17, 2005, 11:37:09 am »

there are a number of other illegal chars in filenames, and coppermine handles them by replacing/removing those illegal chars on file system level afaik. Couldn't we do this for ampersands as well, as there will always be fools who use special chars in filenames who will get confused by a hard error?
Logged

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: jpg filenames with '&' don't get edited.
« Reply #8 on: September 17, 2005, 02:00:05 pm »

If I am not mistaken, the renaming is done at the insert level. Here we will have to do it before insert, infact as soon as they are displayed.
I don't know how desirable it is to change filenames even before they are inserted. There will always be fools who will keep uploading again and again and it will keep getting renamed ...

Let us hear from other devs if they have any other idea.
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

artistsinhawaii

  • VIP
  • Coppermine addict
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 856
    • evj art and photography
Re: jpg filenames with '&' don't get edited.
« Reply #9 on: September 17, 2005, 09:33:38 pm »

If someone had a two files, one named "John&Mary.jpg" and the other "JohnMary.jpg" would the renaming overwrite the other?  The renaming script would have to search all files and create a unique filename to prevent this.  How would this affect time out issues on larger galleries?

How about just sticking a tag line somewhere in the [batch add files] and the [upload files] screens stipulating something like  "Coppermine 1.4x does not permit the use of "&,<,>,/,?, etc" in file names." ?  Also include it somewhere in the installation notes?


Dennis

Logged
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: jpg filenames with '&' don't get edited.
« Reply #10 on: September 18, 2005, 01:09:16 pm »

I agree with Dennis - an error message like "This filename contains illegal characters" would be all it takes instead of the generic "Can't read that file". This way, we'd tell users that they need to rename the pic using their FTP client before it can be added to coppermine, so no extra renaming scheme would have to be added to the coppermine core code, and the bug would be fixed easily. Any dev volunteer?
Logged

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: jpg filenames with '&' don't get edited.
« Reply #11 on: September 19, 2005, 07:28:33 am »

I am working on file renaming as soon as the user first browses the FTP'd files.
It just might work and solve everything for everybody.
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: jpg filenames with '&' don't get edited.
« Reply #12 on: September 19, 2005, 10:26:15 am »

Added the code for above mentioned functionality and committed to CVS.

All the files in the selected directory with forbidden characters, space and & will get replaced with underscore and then a unique filename will be generated before actaully replacing it on harddisk.
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

artistsinhawaii

  • VIP
  • Coppermine addict
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 856
    • evj art and photography
Re: jpg filenames with '&' don't get edited.
« Reply #13 on: September 19, 2005, 12:21:15 pm »

Aditya,

Sorry, but what file(s) was modified?  I'd like to keep my eye on CVS for it.

Dennis
Logged
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.

Aditya Mooley

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 781
    • My Sweet Home
Re: jpg filenames with '&' don't get edited.
« Reply #14 on: September 19, 2005, 12:29:26 pm »

searchnew.php and functions.inc.php
functions.inc.php was modified for different reason - reported by Abbas in http://forum.coppermine-gallery.net/index.php?topic=21908.0 but also needed for batchadd.

Aditya
Logged
--- "Its Nice 2 BE Important but its more Important 2 Be NICE" ---
Follow Coppermine on Twitter

artistsinhawaii

  • VIP
  • Coppermine addict
  • ***
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 856
    • evj art and photography
Re: jpg filenames with '&' don't get edited.
« Reply #15 on: September 19, 2005, 12:35:57 pm »

Thanks, Aditya
Logged
Learn and live ... In January of 2011, after a botched stent attempt, the doctors told me I needed a multiple bypass surgery or I could die.  I told them I needed new doctors.
Pages: [1]   Go Up
 

Page created in 0.021 seconds with 19 queries.