This is an alpha, proof-of-concept module. It is intended as a starting point for those wanting to take the idea further and who will do their own due diligence around security. Use at your own risk.
This module bypasses the sanitization of filenames that is normally done by the ProcessWire core. It does some basic sanitization using $sanitizer->text(), but this may not be sufficient for all circumstances.
If $sanitizer->text() interferes with special characters in your filenames, you will have to add your own custom sanitization to the module.
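One way to write such custom sanitization, as an added example that is not part of the module or the ProcessWire core. The function name sanitizeUploadName(), the extension allow-list and the 200-byte limit are assumptions, and the sample filenames are constructed.

```php
<?php
// Added example: hypothetical helper, not module or ProcessWire core code.
// Returns a safe name that keeps Unicode letters, or '' to reject the upload.
function sanitizeUploadName(string $name, array $allowedExt, int $maxBytes = 200): string
{
    // Refuse invalid UTF-8 instead of guessing what the bytes meant.
    if (!mb_check_encoding($name, 'UTF-8')) {
        return '';
    }
    // Keep only the last path segment, treating both / and \ as separators.
    $parts = explode('/', str_replace('\\', '/', $name));
    $name = end($parts);
    // Remove control characters (including NUL), invisible format characters
    // such as bidi overrides, and characters Windows forbids in filenames.
    $name = preg_replace('/[\p{Cc}\p{Cf}<>:"|?*]/u', '', $name) ?? '';
    $name = preg_replace('/\s+/u', ' ', $name) ?? '';
    // Leading dots make hidden files; Windows drops trailing dots and spaces.
    $name = trim($name, '. ');
    // Split on the last dot with byte functions ('.' is ASCII, so UTF-8 safe).
    $dot = strrpos($name, '.');
    if ($dot === false) {
        return '';
    }
    $stem = rtrim(substr($name, 0, $dot), '. ');
    $ext = strtolower(substr($name, $dot + 1));
    // Only the final extension is checked; it must be on the allow-list.
    if ($stem === '' || !in_array($ext, $allowedExt, true)) {
        return '';
    }
    // Prefix Windows reserved device names (CON, NUL, COM1, ...).
    if (preg_match('/^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.|$)/i', $stem)) {
        $stem = '_' . $stem;
    }
    // Cut on a character boundary so the name fits the byte limit.
    $stem = rtrim(mb_strcut($stem, 0, $maxBytes - strlen($ext) - 1, 'UTF-8'), '. ');
    return $stem === '' ? '' : $stem . '.' . $ext;
}

// Constructed sample filenames.
$samples = ['Übersicht 2024 – final.PDF', '../../site/config.php',
            "report\u{202E}.pdf", 'CON.txt', '日本語の資料.pdf'];
foreach ($samples as $raw) {
    var_dump(sanitizeUploadName($raw, ['pdf', 'txt']));
}
```

A name such as a.php.jpg keeps the inner .php in its stem. If your web server selects handlers by any extension in the name, replace dots in the stem as well.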
Prior to version 7.1 (with internal_encoding set to UTF-8), PHP had problems working with files whose names contain special characters on Windows. Read more here.
If you are running PW on Windows with PHP < 7.1 and want to use this module with filenames containing special characters, you'll have some extra work to do:
- Download and install php-wfio.
- Copy the saveUpload() method code from /wire/core/WireUpload.php to WireUploadRenamed.php.
- Edit usages of rename() and move_uploaded_file() in this method to use php-wfio. See the documentation and the article mentioned above.
Install the Files Unrenamed module (FieldtypeFilesUnrenamed).
Create a new Files Unrenamed field and use as per a normal Files field.