Php photo gallery TWG | JFUploader | TWG Flash upload | WFU | Forum

Get help for TinyWebGallery, the best image gallery. The forum is also home for the Joomla JFUploader, TWG Flash Uploader and the Wordpress flash uploader.
It is currently 19. Oct 2017, 07:29

All times are UTC + 1 hour [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
PostPosted: 31. Dec 2007, 00:23 
Offline

Joined: 12. Nov 2007, 14:02
Posts: 17
twg flash uploader is allowing illegal linux file names to be uploaded. File names with quotes (') to be when uploaded cause problems with php and other scripts.

Is there any way the frontend can validate the file names before upload and reject with an error message to the webuser?


Top
 Profile  
 
 Post subject:
PostPosted: 3. Jan 2008, 18:46 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10496
if ' are not handled properly (escaped) in php they can cause trouble in script s that are not programmed well.

Flash does not support regular expressions. But I do add a string of not allowed characters in the next version of TFU.

Until then you should handle this problem on the php side before saving the file by e.g. replacing the ' with something else.

/Michael


Top
 Profile  
 
 Post subject:
PostPosted: 4. Jan 2008, 17:00 
Offline

Joined: 12. Nov 2007, 14:02
Posts: 17
I found this nice little php function to cleanup filenames i added it to the tfu_upload.php

Code:

After
if ($store) {

insert
$file['name'] = removeSpacesFromFileNames($file['name']);

at the bottom befor the ?> insert

function removeSpacesFromFileNames($imageName){
$patternCounter=0;
$patterns[$patternCounter] = '/[\x20-\x2d]/u'; // remove range of shifted characters on keyboard - !"#$%&'()*+,-
$patternCounter++;

$patterns[$patternCounter] = '/[\x5b-\x60]/u'; // remove range including brackets - []\^_`
$patternCounter++;

$patterns[$patternCounter] = '/[\x7b-\xff]/u'; // remove all characters above the letter z.  This will eliminate some non-English language letters
$patternCounter++;

$replacement ="_";

return preg_replace($patterns, $replacement, $imageName);
}


Top
 Profile  
 
 Post subject:
PostPosted: 4. Jan 2008, 17:09 
Offline
Site Admin
User avatar

Joined: 1. Aug 2005, 12:53
Posts: 10496
If this works for you that's fine.

But I cannot remove this characters by default. Spaces and special characters are needed like öäü [] ... are all valid characters.

TFU does even support chinese chars for upload. Therefore if you need a restriction you should simply keep your solution.

/Michael


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC + 1 hour [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron
Powered by phpBB® Forum Software © phpBB Group

phpBB SEO