
Fixed EZP-20090 - Cluster: images with name containing quotes disappe…

…ar after discarding a draft of a published object
Jérôme Vieilledent
Jérôme Vieilledent committed Dec 3, 2012
1 parent 2b4aa08 commit 46e1da23b84690bba74f25345e1142a06dfbca59
Showing with 13 additions and 2 deletions.
  1. +2 −1 index_cluster.php
  2. +11 −1 kernel/classes/datatypes/ezimage/ezimagefile.php
@@ -87,7 +87,8 @@
require_once $clusterGatewayFile;
$gateway = ezpClusterGateway::getGateway();
$filename = ltrim( $_SERVER['REQUEST_URI'], '/' );
// Use rawurldecode() because if the file contains " characters, they are url encoded.
$filename = rawurldecode( ltrim( $_SERVER['REQUEST_URI'], '/' ) );
if ( ( $queryPos = strpos( $filename, '?' ) ) !== false )
$filename = substr( $filename, 0, $queryPos );
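Review bot: `rawurldecode()` runs before the query string is cut off, so an encoded `%3F` inside a file name is decoded to `?` and the name is then truncated at that position by the `strpos`/`substr` pair that follows. Stripping the query first and decoding afterwards avoids this: keep `$filename = ltrim( $_SERVER['REQUEST_URI'], '/' );` as it was and add `$filename = rawurldecode( $filename );` after the `substr` line. The decoded name can also now carry quotes, NUL bytes and `../` sequences that were previously percent-encoded, so whatever consumes `$filename` after this hunk (not visible here) has to treat it as untrusted input.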
@@ -104,7 +104,17 @@ static function fetchImageAttributesByFilepath( $filepath, $contentObjectAttribu
$contentObjectID = (int)( $rows[0]['contentobject_id'] );
$contentClassAttributeID = (int)( $rows[0]['contentclassattribute_id'] );
$filepath = $db->escapeString( $filepath );
// Transform ", &, < and > to entities since they are being transformed in entities by DOM
// See eZImageAliasHandler::initialize()
// Ref https://jira.ez.no/browse/EZP-20090
$filepath = $db->escapeString(
htmlspecialchars(
$filepath,
// Forcing default flags to be able to specify encoding. See http://php.net/htmlspecialchars
version_compare( PHP_VERSION, '5.4.0', '>=' ) ? ENT_COMPAT | ENT_HTML401 : ENT_COMPAT,
'UTF-8'
)
);
// Escape _ in like to avoid it to act as a wildcard !
$filepath = addcslashes( $filepath, "_" );
$query = "SELECT id, version
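Review bot: `htmlspecialchars()` with an explicit `'UTF-8'` charset and no `ENT_SUBSTITUTE`/`ENT_IGNORE` flag returns an empty string when `$filepath` holds an invalid byte sequence, so a malformed path is silently turned into an empty search term for the query built below. A guard right after the call, `if ( $filepath === '' )` followed by whatever this function already returns for "no match", keeps that case away from the database. On the context lines, only `_` is backslash-escaped for the LIKE pattern; `%` still acts as a wildcard, which `$filepath = addcslashes( $filepath, "_%" );` would cover. The query and the rest of fetchImageAttributesByFilepath lie outside the hunk, so the LIKE usage is inferred from the existing comment.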
