Feature #4324

Redmine renames my files, it shouldn't.

Added by Vinko Vrsalovic almost 8 years ago. Updated almost 6 years ago.

Status: Closed
Start date: 2009-12-02
Priority: Normal
Due date:
Assignee: Jean-Philippe Lang
% Done: 0%
Category: Attachments
Target version: 1.3.0
Resolution: Fixed

Description

Redmine renames files with spaces in their name. This shouldn't happen as it violates the least surprise principle.

In practice, I have an app where original filenames are relevant (and most had spaces in them), and when using Redmine to work with them everybody has to go on an underscore-replacing rampage, which is not nice.

So, please, do not rename my files.

Space_or_underscore.txt - Original name: "space or underscore.txt" (48 Bytes) Vinko Vrsalovic, 2009-12-03 11:31

attachment.rb (5.61 KB) Nistor B., 2009-12-04 00:09

Associated revisions

Revision 7917
Added by Jean-Philippe Lang almost 6 years ago

Limit the characters stripped by Attachment#sanitize_filename (#4324).

History

#1 Updated by Nistor B. almost 8 years ago

  • File attachment.rb added
  • Status changed from New to Resolved
  • Assignee set to Jean-Philippe Lang
  • % Done changed from 0 to 50

Hi,
Here is a possible fix. There is a file name conversion in Attachment.sanitize_filename.
The only problem I see is that on disk the file name will be stored in HEX, I think.
The file on disk had another name anyway, but now it's unreadable.

On the interface it's fine now and the download is fine.
Please suggest a better solution. I would like to provide a better fix if this is wrong.

#2 Updated by Vinko Vrsalovic almost 8 years ago

I personally don't mind if files are stored as hex or similar on disk as long as there is a rake task to obtain the name from the hex code and vice versa.

I think that the common use case is to handle files through the web interface and the uncommon case is to handle them directly in the filesystem. So a helper for the uncommon case would be enough.

#3 Updated by Nistor B. almost 8 years ago

From rails guide http://guides.rubyonrails.org/security.html there is a suggestion:

    # Finally, replace all non alphanumeric, underscore
    # or periods with underscore
    name.gsub! /[^\w\.\-]/, '_'

This is what is generating this bug.

This is recommended as best practice but really it isn't.
I worked with PHP for a while and the 2 best security books on PHP do not mention character replacement on upload.

Unfortunately, this replacement is generating unwanted/unexpected user behavior; in my opinion it's indeed a bug.

The better solution is to validate the file name.
We should decide what characters should be allowed in the file name (space, alphanumerics, underscore etc.) and validate the file name accordingly.
The validation message should specify which are the allowed characters.

#4 Updated by Michael Thomas over 7 years ago

+1 from me - I agree with Vinko in that I do not care how files are stored in the filesystem, while I too believe that the original file name should be used in the UI.

#5 Updated by Eric Davis over 7 years ago

  • Tracker changed from Defect to Feature
  • Status changed from Resolved to New
  • Assignee deleted (Jean-Philippe Lang)
  • % Done changed from 50 to 0

#6 Updated by Paul Dann over 6 years ago

Please fix this soon! In our company, we use lots of brackets, ampersands etc... and more often than not our attachment filenames end up looking completely unintelligible on Redmine.

#7 Updated by Dragomir Denev almost 6 years ago

Is this going to be fixed in Redmine at all or has this been abandoned?

#8 Updated by Jean-Philippe Lang almost 6 years ago

  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Target version set to 1.3.0
  • Resolution set to Fixed

Fixed in r7917. Now, only a few characters are removed from the filename stored in the database:

? % * : | " ' < >
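
The trade-off discussed in comments #3 and #8, as an added Ruby example that is not Redmine's code and not part of the thread: the Rails-guide pattern next to a filter limited to the characters listed above, with the on-disk name generated separately. The helper names, the underscore replacement, the `unnamed` fallback and the disk-name scheme are assumptions.

```ruby
require 'digest'

# Pattern quoted in comment #3 (Rails security guide): everything outside
# ASCII word characters, dot and dash becomes an underscore.
STRICT = /[^\w\.\-]/
# Characters listed in comment #8; replacing them with "_" is an assumption.
LIMITED = /[?%*:|"'<>]+/

# Keep only the last path component, for both "/" and "\" separators,
# so a client-supplied directory part never survives.
def basename_only(name)
  name.gsub(/\A.*[\\\/]/m, '')
end

def sanitize_strict(name)
  basename_only(name).gsub(STRICT, '_')
end

def sanitize_limited(name)
  cleaned = basename_only(name).gsub(LIMITED, '_')
  cleaned.empty? ? 'unnamed' : cleaned # hypothetical fallback
end

# Hypothetical on-disk name: timestamp plus a hex digest, so nothing the
# uploader typed is ever used as a filesystem path.
def disk_name(name, now = Time.now.utc)
  "#{now.strftime('%y%m%d%H%M%S')}_#{Digest::SHA256.hexdigest(name)[0, 32]}"
end

# Constructed sample names, not taken from a real upload.
if __FILE__ == $PROGRAM_NAME
  ['space or underscore.txt', 'R&D (final) "v2".pdf', '..\\..\\etc\\report 1.txt'].each do |n|
    puts format('%-28s strict=%-24s limited=%-22s disk=%s',
                n.inspect, sanitize_strict(n), sanitize_limited(n), disk_name(n))
  end
end
```

Because the limited filter keeps characters such as spaces and `&`, the stored name still has to be escaped wherever it is rendered (HTML, URLs, `Content-Disposition`).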

#9 Updated by Soonhyoung An almost 6 years ago

After my Redmine upgrade to 1.3.1,
it fixed the changing of my file names.

But when I display my attached image on a wiki page,
it doesn't work if the file name includes a blank space.

Is this normal?
