[#MDL-17820] Lacking Apostrophe Support - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 1.9.3
Fix Version/s: None
Component/s: Files API
Labels:
None
Environment:
Debian Linux

Database:

MySQL
Difficulty:
Easy
Affected Branches:
MOODLE_19_STABLE

Description

If I upload a SCORM package containing an apostrophe in its name then the "Choose or Upload File..." pop-up window prevents me from selecting it with the "Choose" link due to JavaScript error (basic string handling fault). If I enter the name of the SCORM package myself manually in the Package file field then attempting to import it results in another failure claiming invalid manifest or corrupt file. If I rename the package to exclude the apostrophe the import works normally.

Apostrophes within filenames are supported in Windows FAT32, NTFS and virtually all Linux file systems.

See attached SCORM 1.2 package for test case (351 kB).

More Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

$i18n.getText("admin.common.words.hide")
M2340001_C019-HSA1.Workshop.Health.and.Safety-Chemical.Paint.Remover.&.Air.Con'.Refrigerant.zip

08/Jan/09 6:59 PM

352 kB

Peter Chamberlin
adlcp_rootv1p2.xsd 4 kB

imscp_rootv1p1p2.xsd 14 kB

imsmanifest.xml 5 kB

imsmd_rootv1p2p1.xsd 22 kB

ims_xml.xsd 1 kB

M2340001/C019/images/CP10.swf 2 kB

M2340001/C019/images/CP3.swf 3 kB

M2340001/C019/images/CP4image1.swf 4 kB

M2340001/C019/images/CP4image2.swf 3 kB

M2340001/C019/images/CP6.swf 2 kB

M2340001/C019/images/CP7.swf 71 kB

M2340001/C019/images/CP8.swf 3 kB

M2340001/C019/images/CP9.swf 62 kB

M2340001/C019/images/DoandDonts.doc 31 kB

M2340001/C019/images/hand cream.jpg 12 kB

M2340001/C019/.../Harzardous Products.jpg 9 kB

M2340001/C019/images/no smoking.gif 11 kB

M2340001/C019/images/waring.gif 6 kB

M2340001/C019/Page001.htm 15 kB

M2340001/theme/images/backgrnd.gif 2 kB

M2340001/theme/images/banner_left.gif 1.0 kB

M2340001/theme/images/banner_right.gif 1.0 kB

M2340001/theme/images/banner_spacer.gif 0.8 kB

M2340001/theme/images/submit.gif 1.0 kB

M2340001/theme/images/submit_down.gif 1.0 kB

M2340001/theme/images/submit_over.gif 0.9 kB

M2340001/theme/localstyle.css 6 kB

M2340001/theme/.../AC_RunActiveContent.js 3 kB

metadata.xml 6 kB

system/graph.js 5 kB

Showing 30 of 78 items Download Zip
$i18n.getText("admin.common.words.show")

M2340001_C019-HSA1.Workshop.Health.and.Safety-Chemical.Paint.Remover.&.Air.Con'.Refrigerant.zip

08/Jan/09 6:59 PM

352 kB

Peter Chamberlin

Issue Links

This issue duplicates:
MDL-6733	"unzip" uploaded windows-zip-files (filenames have german umlaute äüöß) in coursefiles, the filenames apears very strange (non readable)

This issue has a non-specific relationship to:
MDL-9703	Files with special characters in file names can't be deleted
MDL-11468	standardise all filenamse when unzipping
MDL-2307	Special characters left in filenames after unzipping
MDL-14231	Files accidentally uploaded with apostrophes in the filename can't be deleted.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Petr Škoda (skodak) added a comment - 08/Jan/09 7:31 PM

Sorry, we are not going to support characters like "':|<>&? etc in file names. It is not just about allowing them, we would need to review all main code base and contrib and fix the code.

Show

Petr Škoda (skodak) added a comment - 08/Jan/09 7:31 PM Sorry, we are not going to support characters like "':|<>&? etc in file names. It is not just about allowing them, we would need to review all main code base and contrib and fix the code.

Hide

Permalink

Peter Chamberlin added a comment - 08/Jan/09 7:39 PM

I am not suggesting you support reserved OS filename characters, just the humble apostrophe and only in those two cases!

The first is simple, the inline HTML contains:

<a onclick="return set_value('AC Circuits/M2012601_C001-D3000.1.2.-.AC.Circuits-Sinusoidal.Alternating.Waveforms.zip')" href="#">Choose</a>

However, when the apostrophe is there the JavaScript string becomes syntactically invalid. All that needs to be done is to replace apostrophes in the string with their escaped form of \' (in this case).

Show

Peter Chamberlin added a comment - 08/Jan/09 7:39 PM I am not suggesting you support reserved OS filename characters, just the humble apostrophe and only in those two cases! The first is simple, the inline HTML contains: <a onclick="return set_value('AC Circuits/M2012601_C001-D3000.1.2.-.AC.Circuits-Sinusoidal.Alternating.Waveforms.zip')" href="#">Choose</a> However, when the apostrophe is there the JavaScript string becomes syntactically invalid. All that needs to be done is to replace apostrophes in the string with their escaped form of \' (in this case).

Hide

Permalink

Petr Škoda (skodak) added a comment - 08/Jan/09 7:46 PM

it should not be possible to upload a file with ' in its name, the only way should to extract zip package using platform infozip binary, going to test your file now

Show

Petr Škoda (skodak) added a comment - 08/Jan/09 7:46 PM it should not be possible to upload a file with ' in its name, the only way should to extract zip package using platform infozip binary, going to test your file now

Hide

Permalink

Petr Škoda (skodak) added a comment - 08/Jan/09 7:48 PM

did you ftp the file to server, or how did you get it there? When I uploaded it the ' was removed (M2340001_C019-HSA1.Workshop.Health.and.Safety-Chemical.Paint.Remover..Air.Con.Refrigerant.zip).

Show

Petr Škoda (skodak) added a comment - 08/Jan/09 7:48 PM did you ftp the file to server, or how did you get it there? When I uploaded it the ' was removed (M2340001_C019-HSA1.Workshop.Health.and.Safety-Chemical.Paint.Remover..Air.Con.Refrigerant.zip).

Hide

Permalink

Peter Chamberlin added a comment - 08/Jan/09 8:03 PM

The files were FTP'd to the server (since there is 162 of them)

When I try importing the example package I receive the error:
"The specified package/manifest is not valid. Check it and try again."

Our Moodle instance is 1.9.3+ (Build: 20081217)

Show

Peter Chamberlin added a comment - 08/Jan/09 8:03 PM The files were FTP'd to the server (since there is 162 of them) When I try importing the example package I receive the error: "The specified package/manifest is not valid. Check it and try again." Our Moodle instance is 1.9.3+ (Build: 20081217)

Hide

Permalink

Peter Chamberlin added a comment - 08/Jan/09 9:19 PM

No mention of apostrophe as a reserved file name character at:
http://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words

Show

Peter Chamberlin added a comment - 08/Jan/09 9:19 PM No mention of apostrophe as a reserved file name character at: http://en.wikipedia.org/wiki/Filename#Reserved_characters_and_words

Hide

Permalink

Petr Škoda (skodak) added a comment - 08/Jan/09 10:14 PM

I does not matter if they are mentioned, our problems were XSS caused by " or ' in file names/directories - very many devs are forgetting to urlencode/decode them properly.

Show

Petr Škoda (skodak) added a comment - 08/Jan/09 10:14 PM I does not matter if they are mentioned, our problems were XSS caused by " or ' in file names/directories - very many devs are forgetting to urlencode/decode them properly.

Hide

Permalink

Peter Chamberlin added a comment - 08/Jan/09 10:18 PM

That sounds to me more like a problem with the developers than the apostrophe

Show

Peter Chamberlin added a comment - 08/Jan/09 10:18 PM That sounds to me more like a problem with the developers than the apostrophe

Hide

Permalink

Petr Škoda (skodak) added a comment - 08/Jan/09 10:42 PM

The question is who is going to fix all the developers :-D

Show

Petr Škoda (skodak) added a comment - 08/Jan/09 10:42 PM The question is who is going to fix all the developers :-D

People

Assignee:

Petr Škoda (skodak)

Reporter:

Peter Chamberlin

Tester:

Nobody

Participants:

Peter Chamberlin, Petr Škoda (skodak)

Vote (0)

Watch (0)

Dates

Created:

08/Jan/09 6:59 PM

Updated:

17/Dec/10 1:36 PM

Resolved:

08/Jan/09 7:31 PM