Opened 9 years ago

Closed 9 years ago

#2000 closed Bug (fixed)

# sign is not escaped when uploading a file

Reported by: brondsem Owned by: fredck
Priority: Normal Milestone: FCKeditor 2.6
Component: File Browser Version: FCKeditor 2.5.1
Keywords: Confirmed Review+ Cc:


If I have a file with a pound sign # in it, it is not escaped when I upload it. Ticket #182 fixed most escaping issues, but using encodeURI() doesn't escape everything (e.g #). That's actually good since currently it's applied to the whole URI, and for characters like : and / we don't want those escaped in "http://" for example. See which shows the different encode functions.

My suggestion would be to NOT encode anything in javascript. Rather, update all connectors to encode the file name (and/or url). In php, this would use the rawurlencode() function. Then that fully-encoded file name would be appended to the unencoded domain+directory.

Attachments (1)

2000.patch (1.2 KB) - added by fredck 9 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 9 years ago by fredck

  • Keywords Confirmed added
  • Owner set to fredck
  • Status changed from new to assigned

Encoding it in the server side would make things too complex for us, and actually this is something that can be easily solved in the client side, also because the client code is responsible for returning the URL.

I'm attaching a patch for it.

Changed 9 years ago by fredck

comment:2 Changed 9 years ago by fredck

  • Keywords Review? added
  • Milestone set to FCKeditor 2.6
  • Version set to FCKeditor 2.5.1

comment:3 Changed 9 years ago by martinkou

  • Keywords Review+ added; Review? removed

Looks good to me. Since for any URI, the '#' is used for selecting document fragments only, which is useless for our use case (selecting files). So any '#' appearing in the URI can be safely assumed to be part of the file name instead, and thus replacing with '%23' should be safe.

comment:4 Changed 9 years ago by fredck

  • Resolution set to fixed
  • Status changed from assigned to closed

Fixed with [1692]. Click here for more info about our SVN system.

Note: See TracTickets for help on using tickets.
© 2003 – 2017 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy