Unable to view or delete an attachment with symbols in its name - Tickets - Traq

#288 - Unable to view or delete an attachment with symbols in its name

Type Defect

Status Fixed

Milestone 3.0

Version 3.0

Component Tickets

Priority Normal

Severity Normal

Owner ihenry

Assigned to -

Reported 12 years ago

Updated 10 years ago

Votes 0

Related tickets

Proposed time

Worked time

What did you do to cause this?

Try to view an attachment with a space, !, bracket, comma, or other symbol in its name.

What page were you on?

/<project_slug>/tickets/<ticket_id>

What PHP and MySQL versions do you run?

PHP 5.4.7

MySQL 5.5.28

Describe the defect:

Attachments with only the characters a-z, A-Z, 0-9, -, _ and . work correctly. Attachments with other characters in their names can be uploaded, but cannot be viewed or deleted - a 404 page is returned.

Attachments

traq-attachment-symbols.patch, 12 years ago by ihenry

Ticket History

12 years and 1 month ago by ihenry

Attached traq-attachment-symbols.patch

This patch against git master removes the restrictions on attachment names in the routes for Attachments::view and Attachments::delete, the only character that is not allowed is a forward slash ('/'). It also URL-encodes the file names in attachment links, so attachments with names containing URL reserved characters such as '#' and '?' can be deleted.

Jack closed as Fixed 12 years ago