Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change sanitize behavior for files with two dots in filename #14330

Open
wants to merge 5 commits into
base: 2.x
Choose a base branch
from

Conversation

tolanych
Copy link
Contributor

@tolanych tolanych commented Feb 5, 2019

What does it do?

For files uploaded via media-manager name with two or more dots will sanitize as when creating file.
UPD:
Change behavior. Now sanitize path before filename and allow filename had two dots. Update related browser/file processors.

Why is it needed?

To avoid the mistake like described in issue (cannot be removed).
And for consistency with behavior creating file.

Related issue(s)/PR(s)

This fixes issue #14320

@JoshuaLuckers JoshuaLuckers added area-core pr/review-needed Pull request requires review and testing. labels Feb 5, 2019
@@ -873,7 +873,7 @@ public function uploadObjectsToContainer($container,array $objects = array()) {
}

$newPath = $this->fileHandler->sanitizePath($file['name']);
$newPath = $directory->getPath().$newPath;
$newPath = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory->getPath().$newPath))));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not move this in sanitizePath?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have fears to break other uses case fileHandler->sanitizePath.
This method might have been used before in external components and their processors

Copy link
Collaborator

@Jako Jako Feb 7, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

O.k. Then we maybe have to get the reason why two dots in the filename create that issue.

Some sanitize method on the filename removes too much elsewhere. It just should remove the possibility to ascend in the path and strips those two dots instead of slashes/backslashes surrounded by two dots. But I did not searched for this ...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I've realised that my decision (sanitize in method uploadObjectsToContainer) is not clear from the point of consistency.

This behavior I get from processor browser/file/create
This filter process directory path and filename.

In processor browser/file/upload the filter in fact process only directory path, but not filename.

In processor browser/file/remove preparing correct filepath without two dots and as result don't found file.

This had resulted in bug described in issue #14320.

As a solution propose for browser/file processors (create, upload, remove) to remove only two dots from path before filename and allow filename had two dots.
How are you viewing this?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If then it's also allowing to delete a file with two or multiple dots, than I'm alright with this 🚀

@Jako Jako added this to the v2.7.1 milestone Feb 6, 2019
@Jako Jako added the bug The issue in the code or project, which should be addressed. label Feb 6, 2019
@Ruslan-Aleev
Copy link
Collaborator

Files are renamed when they are loaded, but files with two dots in the name cannot be deleted if they are not loaded via the file manager (for example, via ftp).

@tolanych tolanych changed the title Add sanitize two dots in filepath for file uploading Change sanitize behavior for files with two dots in filename Feb 9, 2019
if (!empty($directory)) {
$directory .= DIRECTORY_SEPARATOR;
}
$name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $file )));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could use pathinfo for both parts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did so the first time.
Pathinfo with PATHINFO_BASENAME and PATHINFO_FILENAME have trouble with filename with unciode symbols and more dots.
So after testing and catch more bugs I replace this on more simple - end->explode for filename.

e.g. http://codepad.org/73SaPqcF, first 4 characters in filename are loses.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pathinfo is locale aware, so you have to set an UTF8 capable locale before:

$oldlocale = setlocale(LC_ALL, 0);
setlocale(LC_ALL,'C.UTF-8');
$pathinfo = pathinfo($file);
setlocale(LC_ALL,$oldlocale);

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You have to check, if 'C.UTF-8' is available.

if (!empty($directory)) {
$directory .= DIRECTORY_SEPARATOR;
}
$name = htmlspecialchars(end(explode( DIRECTORY_SEPARATOR, $newFile )));
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Jako,

my last fix with setlocale is not right yet?

@alroniks alroniks modified the milestones: v2.7.1, v2.7.2 Feb 14, 2019
@Mark-H Mark-H added blocked Active participation around the pull request or issue required. Consensus is not reached. and removed pr/review-needed Pull request requires review and testing. labels Mar 5, 2019
$name = preg_replace('/[\.]{2,}/', '', htmlspecialchars($name));
$success = $this->source->renameObject($oldFile, $name);
$oldlocale = setlocale(LC_ALL, 0);
setlocale(LC_ALL,'C.UTF-8');
Copy link
Collaborator

@Jako Jako Mar 11, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please check here, wether setlocale is successful. Otherwise an error should be logged, describing possible issues. Maybe the 'C.UTF-8' string should be configurable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This trouble solving if MODX Setting "locale" is correct encoding for current server environment.
Now I don't run setlocale manually, just log about encoding if function pathinfo return not what was expected

начинающиеся с «#» будут проигнорированы, а пустое сообщение
@Ibochkarev
Copy link
Collaborator

@Jako Please check the changes.

@JoshuaLuckers JoshuaLuckers added pr/review-needed Pull request requires review and testing. and removed blocked Active participation around the pull request or issue required. Consensus is not reached. labels Dec 1, 2019
@JoshuaLuckers JoshuaLuckers requested a review from Jako December 1, 2019 11:15
@JoshuaLuckers
Copy link
Contributor

@cla-bot check

@cla-bot
Copy link

cla-bot bot commented Jan 22, 2020

Thank you for your contribution! Before your pull request can be reviewed, please sign the MODX Contributor License Agreement (CLA). This is to make sure MODX has your written permission to distribute projects containing your contributions under the appropriate license.

Please make sure the CLA has been signed for GitHub user(s): @tolanych

Once you've signed, please reply with @cla-bot check to verify and update the status of this pull request.

@cla-bot cla-bot bot removed area-core bug The issue in the code or project, which should be addressed. pr/review-needed Pull request requires review and testing. labels Jan 22, 2020
@cla-bot
Copy link

cla-bot bot commented Jan 22, 2020

The cla-bot has been summoned, and re-checked this pull request!

@JoshuaLuckers JoshuaLuckers added area-core pr/review-needed Pull request requires review and testing. labels Jan 22, 2020
@opengeek opengeek modified the milestones: v2.7.3, v2.8.0 Feb 27, 2020
@SnowCreative
Copy link
Contributor

Shouldn't the sanitizer also remove characters like ampersand and pound sign? Those cause problems as well, and shouldn't be allowed in file names. I have clients who upload files like this all the time and then ask me why linking to these files on their websites doesn't work.
See also #13412

@opengeek opengeek removed this from the v2.8.0 milestone Oct 8, 2020
@smg6511 smg6511 self-assigned this Sep 27, 2023
@rthrash rthrash added the bug The issue in the code or project, which should be addressed. label Jan 24, 2024
@rthrash rthrash added this to the v2.8.7 milestone Jan 24, 2024
@opengeek opengeek added the cla-signed CLA confirmed for contributors to this PR. label Mar 22, 2024
@opengeek opengeek modified the milestones: v2.8.7, v2.8.8 Apr 9, 2024
@opengeek opengeek modified the milestones: v2.8.8, v2.9.0 Nov 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-core bug The issue in the code or project, which should be addressed. cla-signed CLA confirmed for contributors to this PR. pr/review-needed Pull request requires review and testing.
Projects
None yet
Development

Successfully merging this pull request may close these issues.