Ticket #2000 (closed Bug: fixed)

Opened 6 years ago

Last modified 6 years ago

# sign is not escaped when uploading a file

  • Reported by: brondsem
  • Owned by: fredck
  • Priority: Normal
  • Milestone: FCKeditor 2.6
  • Component: File Browser
  • Version: FCKeditor 2.5.1
  • Keywords: Confirmed Review+
  • Cc:

Description

If I have a file with a pound sign # in it, it is not escaped when I upload it. Ticket #182 fixed most escaping issues, but using encodeURI() doesn't escape everything (e.g. #). That's actually good since currently it's applied to the whole URI, and for characters like : and / we don't want those escaped in "http://" for example. See http://xkr.us/articles/javascript/encode-compare/ which shows the different encode functions.

My suggestion would be to NOT encode anything in JavaScript. Rather, update all connectors to encode the file name (and/or URL). In PHP, this would use the rawurlencode() function. Then that fully-encoded file name would be appended to the unencoded domain+directory.

Attachments

2000.patch (1.2 KB) - added by fredck 6 years ago.

Change History

comment:1 Changed 6 years ago by fredck

  • Keywords Confirmed added
  • Status changed from new to assigned
  • Owner set to fredck

Encoding it on the server side would make things too complex for us, and actually this is something that can be easily solved on the client side, also because the client code is responsible for returning the URL.

I'm attaching a patch for it.

Changed 6 years ago by fredck

comment:2 Changed 6 years ago by fredck

  • Keywords Review? added
  • Version set to FCKeditor 2.5.1
  • Milestone set to FCKeditor 2.6

comment:3 Changed 6 years ago by martinkou

  • Keywords Review+ added; Review? removed

Looks good to me. For any URI, the '#' is used for selecting document fragments only, which is useless for our use case (selecting files), so any '#' appearing in the URI can be safely assumed to be part of the file name instead, and thus replacing it with '%23' should be safe.

comment:4 Changed 6 years ago by fredck

  • Status changed from assigned to closed
  • Resolution set to fixed

Fixed with [1692]. Click here for more info about our SVN system.
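The escaping gap discussed in this ticket, as an added example that is not part of the ticket or of FCKeditor's code (the attached patch is not shown on this page). It compares encodeURI() on the whole URL, the '#' to '%23' replacement described in comment:3, and per-file-name encoding as suggested in the description. Function names, the base URL and the file names are constructed; the second file name goes beyond the ticket to show that encodeURI() also leaves '?' unescaped.

```javascript
// Added example: all names and sample values below are constructed.

// Whole-URL encodeURI(): '#' and '?' are legal URI delimiters, so they
// pass through unescaped even when they belong to the file name.
function naiveFileUrl(baseUrl, fileName) {
  return encodeURI(baseUrl + fileName);
}

// Idea described in comment:3 (a sketch, not the actual patch): keep
// encodeURI(), then turn every '#' into '%23', because a file URL in the
// file browser never needs a fragment.
function hashEscapedFileUrl(baseUrl, fileName) {
  return encodeURI(baseUrl + fileName).replace(/#/g, '%23');
}

// Idea from the description, done on the client: leave the base untouched
// and fully encode only the file name. encodeURIComponent() is the closest
// JavaScript counterpart of PHP's rawurlencode().
function segmentEncodedFileUrl(baseUrl, fileName) {
  return baseUrl + encodeURIComponent(fileName);
}

// How a URL parser splits the result: the decoded path that would be
// requested, plus whatever was cut off as query string or fragment.
function splitUrl(url) {
  const u = new URL(url);
  return {
    path: decodeURIComponent(u.pathname),
    query: u.search,
    fragment: u.hash,
  };
}

const SAMPLE_BASE = 'http://example.com/userfiles/file/'; // constructed
const SAMPLE_NAMES = ['report #2.pdf', 'what?#1.txt'];    // constructed

for (const name of SAMPLE_NAMES) {
  for (const build of [naiveFileUrl, hashEscapedFileUrl, segmentEncodedFileUrl]) {
    const url = build(SAMPLE_BASE, name);
    console.log(build.name, JSON.stringify(name), '->', url, splitUrl(url));
  }
}
```

A file URL is intact only when the parsed path ends with the original file name and both the query and the fragment are empty.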
