Petr Skoda added a comment - 08/Jan/09 07:31 PM
Sorry, we are not going to support characters like "':|<>&? etc in file names. It is not just about allowing them, we would need to review all main code base and contrib and fix the code.
I am not suggesting you support reserved OS filename characters, just the humble apostrophe and only in those two cases!
The first is simple, the inline HTML contains: <a onclick="return set_value('AC Circuits/M2012601_C001-D3000.1.2.-.AC.Circuits-Sinusoidal.Alternating.Waveforms.zip')" href="#">Choose</a> However, when the apostrophe is there the JavaScript string becomes syntactically invalid. All that needs to be done is to replace apostrophes in the string with their escaped form of \' (in this case).
It should not be possible to upload a file with ' in its name, the only way should be to extract a zip package using the platform infozip binary. Going to test your file now.
Did you FTP the file to the server, or how did you get it there? When I uploaded it the ' was removed (M2340001_C019-HSA1.Workshop.Health.and.Safety-Chemical.Paint.Remover..Air.Con.Refrigerant.zip).
The files were FTP'd to the server (since there are 162 of them).
When I try importing the example package I receive the error:
Our Moodle instance is 1.9.3+ (Build: 20081217)
No mention of apostrophe as a reserved file name character at: http://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words
It does not matter if they are mentioned, our problems were XSS caused by " or ' in file names/directories - very many devs are forgetting to urlencode/decode them properly.
That sounds to me more like a problem with the developers than the apostrophe
The question is who is going to fix all the developers :-D
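Added example, not part of the thread and not Moodle code: the onclick link quoted above puts a file name inside a JavaScript string that itself sits inside an HTML attribute, so it needs two encodings applied in order. The helper names (jsStringLiteral, htmlAttr, naiveLink, safeLink, runOnclick) and the sample file name are constructed for illustration; only set_value comes from the thread.

```javascript
// Added example, not Moodle code. set_value is the handler named in the thread.
// Layer 1: JavaScript string literal. JSON.stringify escapes quotes, backslashes
// and control characters; the rest become \uXXXX so no ' < > & stays in the literal.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Layer 2: double-quoted HTML attribute value.
function htmlAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// The pattern from the thread: file name pasted straight between '...'.
function naiveLink(name) {
  return `<a onclick="return set_value('${name}')" href="#">Choose</a>`;
}

function safeLink(name) {
  const handler = `return set_value(${jsStringLiteral(name)})`;
  return `<a onclick="${htmlAttr(handler)}" href="#">Choose</a>`;
}

// Stand-in for the browser: decode the attribute, run the handler with a stub
// set_value, and return the argument it received (or the error name).
function runOnclick(html) {
  const attr = /onclick="([^"]*)"/.exec(html)[1]
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&lt;/g, "<").replace(/&gt;/g, ">").replace(/&amp;/g, "&");
  try {
    return new Function("set_value", attr)((v) => v);
  } catch (e) {
    return e.name;
  }
}

// Constructed sample name containing an apostrophe.
const sample = "AC Circuits/Ohm's.Law.zip";
console.log(runOnclick(naiveLink(sample))); // SyntaxError
console.log(runOnclick(safeLink(sample)));  // AC Circuits/Ohm's.Law.zip
```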