Feature #4324
closed
Redmine renames my files, it shouldn't.
0%
Description
Redmine renames files with spaces in their name. This shouldn't happen as violates the least surprise principle.
In practice, I have an app where original filenames are relevant (and most had spaces in them), and when using Redmine to work with them everybody has to go on a underscore replacing rampage, which is not nice.
So, please, do not rename my files.
Files
Updated by Nistor B. almost 15 years ago
- File attachment.rb attachment.rb added
- Status changed from New to Resolved
- Assignee set to Jean-Philippe Lang
- % Done changed from 0 to 50
Hi,
Here is a possible fix. There is a file name conversion in Attachement.sanitize_filename
The only problem I see is that on disk the file name will stored in HEX I think.
The file on disk had another name anyway but now it's unreadable.
On the interface it's fine now and the download it's fine.
Suggest another a better solution. I would like to provide a better fix if this is wrong.
Updated by Vinko Vrsalovic almost 15 years ago
I personally don't mind if files are stored as hex or similar in disk as long as there is a rake task to obtain the name from the hex code and viceversa.
I think that the common use case is to handle files through the web interface and the uncommon case is to handle them directly in the filesystem. So a helper for the uncommon case would be enough.
Updated by Nistor B. almost 15 years ago
From rails guide http://guides.rubyonrails.org/security.html there is a suggestion:
_# Finally, replace all non alphanumeric, underscore # or periods with underscore name.gsub! /[^\w\.\-]/, '_' This is what is generating this bug._
This is recommended as best practice but really it isn't.
I worked PHP for a while and the 2 best security books on PHP do not mention character replacement on upload.
Unfortunately this replacement is generating unwanted/unexpected user behavior in my opinion it's indeed a bug.
The better solution is to validate the file name.
We should decide what characters should be allowed in the file name( space, alfa-numerics, underscore etc. ) and validate the file name accordingly.
The validation message should specify which are the allowed characters.
Updated by Michael Thomas over 14 years ago
+1 from me - I agree with Vinko in that I do not care how files are stored in the filesystem, while I too believe that the original file name should be used in the UI.
Updated by Eric Davis over 14 years ago
- Tracker changed from Defect to Feature
- Status changed from Resolved to New
- Assignee deleted (
Jean-Philippe Lang) - % Done changed from 50 to 0
Updated by Paul Dann over 13 years ago
Please fix this soon! In our company, we use lots of brackets, ampersands etc... and more often than not our attachment filenames end up looking completely unintelligible on Redmine.
Updated by Dragomir Denev almost 13 years ago
Is this going to be fixed in Redmine at all or has this been abandoned?
Updated by Jean-Philippe Lang almost 13 years ago
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Target version set to 1.3.0
- Resolution set to Fixed
Fixed in r7917. Now, only a few characters are removed from the filename stored in the database:
? % * : | " ' < >
Updated by Soonhyoung An over 12 years ago
after my redmine upgrade 1.3.1
it fixed that changing my file names.
but. at that time i display my attached image to wiki page.
it doesn't work if file name include blank space..
is it normal?