Unable to view or delete an attachment with symbols in its name

288
Defect
ihenry
-
3.0
3.0
Tickets
Fixed
Normal
Normal
4 years ago
3 years ago
0

Description

What did you do to cause this?

Try to view an attachment with a space, !, bracket, comma, or other symbol in its name.

What page were you on?

/<project_slug>/tickets/<ticket_id>

What PHP and MySQL versions do you run?

PHP 5.4.7

MySQL 5.5.28

Describe the defect:

Attachments with only the characters a-z, A-Z, 0-9, -, _ and . work correctly. Attachments with other characters in their names can be uploaded, but cannot be viewed or deleted - a 404 page is returned.

Attachments

Ticket History

4 years and 11 months ago by ihenry

  • Added attachment traq-attachment-symbols.patch

This patch against git master removes the restrictions on attachment names in the routes for Attachments::view and Attachments::delete, the only character that is not allowed is a forward slash ('/'). It also URL-encodes the file names in attachment links, so attachments with names containing URL reserved characters such as '#' and '?' can be deleted.

4 years and 9 months ago by Jack

  • Closed ticket as Fixed