Geeklog's Handling of Zip Files that have Files with Names not Compatible with the Web Servers OS #1101

Closed
eSilverStrike opened this issue Nov 8, 2021 · 2 comments
Labels: Bug (An issue describing unexpected or malicious behaviour.)

@eSilverStrike
Member

This issue is a summary from a discussion found here: #1100 as reported by remyKobolski

It also is related somewhat to #1002

Before/while Geeklog extracts a zip file, should we scan the file names to determine if they are all compatible with the current web server OS?

For example, Windows Server filenames can have ":" and Linux cannot.

Basically, unzipping the plugin should not allow extracting such files: skip files that begin with a dot, have unprintable names, or contain characters like ‘<’, ‘>’, ‘!’, ‘?’.

If a file is found the extraction should be aborted since we have no idea if the file is actually required.

The main thing this affects is installing/updating plugins from a zip file.

The other option for this is that we include a requirement for plugins that all filenames used are compatible with any OS of the Web servers Geeklog supports. We can state this in the Wiki (and what not to use). We already make other somewhat similar assumptions that the plugin zip file is set up in a certain way and contains certain files.

@eSilverStrike eSilverStrike added the Feature Issues that describe new features. label Nov 8, 2021
@eSilverStrike eSilverStrike added this to the 2.2.2 milestone Nov 8, 2021
@remyKobolski

The signature of the extract method of the split brain package contains an optional preg string to match include files and the same for files to exclude. That would be an option to use and document.

mystralkk added a commit that referenced this issue Jan 10, 2022
@mystralkk
Member

Fixed with change set 1627670. Now valid characters are [0-9a-zA-Z_.-].

@mystralkk mystralkk self-assigned this Jan 10, 2022
@eSilverStrike eSilverStrike added Bug An issue describing unexpected or malicious behaviour. and removed Feature Issues that describe new features. labels May 27, 2022
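
The filename check discussed in this thread, as an added example that is not Geeklog's code or the referenced change set: it reads a zip's entry names with PHP's `ZipArchive` and refuses extraction if any path component falls outside `[0-9a-zA-Z_.-]` or begins with a dot. Applying the allowlist to each `/`-separated component, the function names and the sample entry names are assumptions of this example.

```php
<?php
// Added example, not Geeklog code; allowlist taken from the fix comment above.
const NAME_COMPONENT = '/\A[0-9a-zA-Z_.-]+\z/';

/** Return the entry names that fail the check (empty array = safe to extract). */
function invalidEntryNames(array $names): array
{
    $bad = [];
    foreach ($names as $name) {
        // Assumption: check each '/'-separated component; trailing '/' marks a directory.
        foreach (explode('/', rtrim($name, '/')) as $part) {
            // Empty parts fail the regex; the dot test covers dotfiles, '.' and '..'.
            if (!preg_match(NAME_COMPONENT, $part) || $part[0] === '.') {
                $bad[] = $name;
                break;
            }
        }
    }
    return $bad;
}

/** Read entry names from the archive (nothing is extracted) and validate them. */
function scanZip(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $names = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $names[] = $zip->getNameIndex($i);
    }
    $zip->close();
    return invalidEntryNames($names);
}

// Constructed sample archive standing in for an uploaded plugin zip.
$entries = ['demo/functions.inc', 'demo/admin/index.php', 'demo/bad:name.txt',
            'demo/.htaccess', 'demo/what?.php'];
$zipPath = sys_get_temp_dir() . '/plugin_demo_' . uniqid() . '.zip';
$zip = new ZipArchive();
$zip->open($zipPath, ZipArchive::CREATE);
foreach ($entries as $entry) {
    $zip->addFromString($entry, 'x');
}
$zip->close();
$bad = scanZip($zipPath);
unlink($zipPath);
// Abort the whole install on any hit, as the issue proposes, rather than skipping files.
echo $bad ? "Aborted, unsupported names: " . implode(', ', $bad) . "\n" : "Names accepted\n";
```

Because every component must be non-empty and may not start with a dot, the same pass also rejects absolute paths and `..` segments before anything is written to disk.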