Opened 17 years ago
Closed 17 years ago
#2000 closed Bug (fixed)
# sign is not escaped when uploading a file
Reported by: | Dave Brondsema | Owned by: | Frederico Caldeira Knabben |
---|---|---|---|
Priority: | Normal | Milestone: | FCKeditor 2.6 |
Component: | File Browser | Version: | FCKeditor 2.5.1 |
Keywords: | Confirmed Review+ | Cc: |
Description
If I have a file with a pound sign # in it, it is not escaped when I upload it. Ticket #182 fixed most escaping issues, but using encodeURI() doesn't escape everything (e.g #). That's actually good since currently it's applied to the whole URI, and for characters like : and / we don't want those escaped in "http://" for example. See http://xkr.us/articles/javascript/encode-compare/ which shows the different encode functions.
My suggestion would be to NOT encode anything in javascript. Rather, update all connectors to encode the file name (and/or url). In php, this would use the rawurlencode() function. Then that fully-encoded file name would be appended to the unencoded domain+directory.
Attachments (1)
Change History (5)
comment:1 Changed 17 years ago by
Keywords: | Confirmed added |
---|---|
Owner: | set to Frederico Caldeira Knabben |
Status: | new → assigned |
Changed 17 years ago by
Attachment: | 2000.patch added |
---|
comment:2 Changed 17 years ago by
Keywords: | Review? added |
---|---|
Milestone: | → FCKeditor 2.6 |
Version: | → FCKeditor 2.5.1 |
comment:3 Changed 17 years ago by
Keywords: | Review+ added; Review? removed |
---|
Looks good to me. Since for any URI, the '#' is used for selecting document fragments only, which is useless for our use case (selecting files). So any '#' appearing in the URI can be safely assumed to be part of the file name instead, and thus replacing with '%23' should be safe.
comment:4 Changed 17 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed with [1692]. Click here for more info about our SVN system.
Encoding it in the server side would make things too complex for us, and actually this is something that can be easily solved in the client side, also because the client code is responsible for returning the URL.
I'm attaching a patch for it.