https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292009-12-03T23:09:36ZRedmineRedmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=126882009-12-03T23:09:36ZNistor B.
<ul><li><strong>File</strong> <a href="/attachments/2870">attachment.rb</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/2870/attachment.rb">attachment.rb</a> added</li><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>50</i></li></ul><p>Hi,<br />Here is a possible fix. There is a file name conversion in Attachement.sanitize_filename<br />The only problem I see is that on disk the file name will stored in HEX I think.<br />The file on disk had another name anyway but now it's unreadable.</p>
<p>On the interface it's fine now and the download it's fine.<br />Suggest another a better solution. I would like to provide a better fix if this is wrong.</p> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=126972009-12-04T08:39:39ZVinko Vrsalovic
<ul></ul><p>I personally don't mind if files are stored as hex or similar in disk as long as there is a rake task to obtain the name from the hex code and viceversa.</p>
<p>I think that the common use case is to handle files through the web interface and the uncommon case is to handle them directly in the filesystem. So a helper for the uncommon case would be enough.</p> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=127242009-12-04T22:11:58ZNistor B.
<ul></ul><p>From rails guide <a class="external" href="http://guides.rubyonrails.org/security.html">http://guides.rubyonrails.org/security.html</a> there is a suggestion:</p>
<pre>
_# Finally, replace all non alphanumeric, underscore # or periods with underscore name.gsub! /[^\w\.\-]/, '_'
This is what is generating this bug._
</pre>
<p>This is recommended as best practice but really it isn't. <br />I worked PHP for a while and the 2 best security books on PHP do not mention character replacement on upload.</p>
<p>Unfortunately this replacement is generating unwanted/unexpected user behavior in my opinion it's indeed a bug.</p>
<p>The better solution is to validate the file name.<br />We should decide what characters should be allowed in the file name( space, alfa-numerics, underscore etc. ) and validate the file name accordingly.<br />The validation message should specify which are the allowed characters.</p> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=153652010-03-22T21:14:03ZMichael Thomas
<ul></ul><p>+1 from me - I agree with Vinko in that I do not care how files are stored in the filesystem, while I too believe that the original file name should be used in the UI.</p> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=174332010-06-19T01:02:50ZEric Davis
<ul><li><strong>Tracker</strong> changed from <i>Defect</i> to <i>Feature</i></li><li><strong>Status</strong> changed from <i>Resolved</i> to <i>New</i></li><li><strong>Assignee</strong> deleted (<del><i>Jean-Philippe Lang</i></del>)</li><li><strong>% Done</strong> changed from <i>50</i> to <i>0</i></li></ul> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=308212011-07-18T15:32:25ZPaul Dann
<ul></ul><p>Please fix this soon! In our company, we use lots of brackets, ampersands etc... and more often than not our attachment filenames end up looking completely unintelligible on Redmine.</p> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=340872011-11-24T12:27:51ZDragomir Denev
<ul></ul><p>Is this going to be fixed in Redmine at all or has this been abandoned?</p> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=341092011-11-24T20:21:31ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Target version</strong> set to <i>1.3.0</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Fixed in <a class="changeset" title="Limit the characters stripped by Attachment#sanitize_filename (#4324)." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/7917">r7917</a>. Now, only a few characters are removed from the filename stored in the database:</p>
<pre>
? % * : | " ' < >
</pre> Redmine - Feature #4324: Redmine renames my files, it shouldn't.https://www.redmine.org/issues/4324?journal_id=360372012-02-14T02:47:20ZSoonhyoung An
<ul></ul><p>after my redmine upgrade 1.3.1<br />it fixed that changing my file names.</p>
<p>but. at that time i display my attached image to wiki page.<br />it doesn't work if file name include blank space..</p>
<p>is it normal?</p>