Change message to show the file name in the error#3797
Change message to show the file name in the error#3797avenirer wants to merge 2 commits intobcit-ci:developfrom avenirer:patch-8
Conversation
When doing multiple file uploads, the user won't know what file is the error related to. This way the upload library will give more information in the errors.
|
The wording feels a bit off and there's a potential security issue (similar to the one that triggered the 2.2.2 release) in simply outputting a user-submitted file name ... I'd rather not have it that way by default, you can always configure your own lang lines. |
|
Actually is not a security issue, it only outputs the file name prepared by the library. Regarding the wording, it can at any time be changed by any pull request :) |
|
That "prepared by the library" filename is often just the user-submitted filename as is ... |
|
Of course is the user-submitted filename. That is what the user needs to know when an error appears. Anyway, the only point at which we could talk about security issues would be in the _prep_filename() method. So, if something bad happens it can only happen if it passes that function, with or without the lines I wrote in this PR. |
2 participants
When doing multiple file uploads, the user won't know what file is the error related to. This way the upload library will give more information in the errors.