Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Upload class prefixes dots in file name with underscore #1380
I just discovered that if you use a dot in the file name in your config using the Upload class, it converts all but the first dot to UnderscoreDot. I have to rename manually if I want more than one dot in the file name.
Creates/renames the file to:
Probably something to do with the feature that allows the file extension to be missing in
Tested with CI 2.1.0
This is a security feature related to the potential vulnerability discussed here: http://httpd.apache.org/docs/1.3/mod/mod_mime.html#multipleext
Maybe it would be cleaner if the dots inside the filename are removed completely?
This comment has been minimized.
This comment has been minimized.Show comment Hide comment
I see, it's an edge case but could be relevant, and CI always errs on the side of caution rather than let developers shoot themselves in the foot. This is only relevant when the developer is specifying a file name, but that specified name could itself contain unknown characters (user input, etc.)...
Some background on my case: I had to convert uploads to an existing file name convention that included dots to separate time intervals, like
If the only question is what to replace the dots with, I would say just use dash or underscore - not
To create this file name:
...and not this one:
Same applies if the dots were just removed, the segment to the right should be the file extension.
Looking at the code that adds the underscores, I do find something rather illogical:
Why would an underscore be added when the chunk being checked is not a valid (and of course known) MIME type? That edge case should be expected in the exactly opposite condition. @derekjones @wesbaker