Page MenuHomePhabricator

Prevent users from uploading images with + in name
Closed, DeclinedPublic


Author: marco

An user has uploaded the image [[de:Image:Fussel+Socke.jpg]] without knowing
that + is the urlencode for spaces. So this image is not accessible for bots and
the IE.

May someone fix the image name and put some preventer in the MediaWiki code please?

Version: unspecified
Severity: normal
OS: Windows XP
Platform: PC



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:21 PM
bzimport set Reference to bz6080.
bzimport added a subscriber: Unknown Object (MLST).

This should work fine with bots and IE. Can you provide a more
detailed description of the problem?

marco wrote:

I can not see the image when I click on
(HTTP 4o4)

In Firefox all things are normal.

I requested the preventer because the + char is normally the URLENCODEd char for
" "s and so it is possible (especially for mirrors!) that there can problems result.

This URL works just fine in IE 6.0 / Win98 and IE 7beta2 / WinXP.
Note that:

  1. + has no special meaning in URL path components.
  2. %2b is used for encoding the + in any case.

marco wrote:

for 1): try in PHP5 the line <? echo urldecode("Fussel+Socke.jpg"); ?>; it will
echo "Fussel Socke.jpg".
for 2): try in PHP5 the line <? echo urldecode("Fussel%2BSocke.jpg"); ?>; it
will echo "Fussel Socke.jpg".
(note: I tested on Windows XP SP1, maybe that PHP behaves different, then bug is
for wreck)


The statement above is false: your second code fragment in fact
outputs "Fussel+Socke.jpg", as expected.

marco wrote:

Ah, I think I know the reason:
It is the file encoding. When it is UTF-8, then the PHP snipps will act as I
told. When it is other charset (yeah, Turkish also works), it acts as you've told.
Strange thing.