View Issue Details

IDProjectCategoryView StatusLast Update
0000335Adventure PHP FrameworkBugpublic2018-08-25 14:42
ReporterdaveAssigned ToChristianAchatz 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.4 
Target Version4.0Fixed in Version4.0 
Summary0000335: Filenames like "bootstrap.min.css" dont work with MediaInclusionTag
DescriptionFilenames with more than one "." in the filebody dont work, the "." is removed.
This is caused by the regular Expression in "getSanitizedFileBody()"-method of "StreamMediaAction".

I changed the regular Expression locally and added the "." to enable more than one "." in the filename.

Not working:
   private function getSanitizedFileBody() {
      return preg_replace('/[^A-Za-z0-9\-_]/', '', $this->getInput()->getParameter('filebody'));
   }

Working:
   private function getSanitizedFileBody() {
      return preg_replace('/[^A-Za-z0-9\-_.]/', '', $this->getInput()->getParameter('filebody'));
   }

So, maybe just add the "."? Some security issues?
TagsNo tags attached.
Codereferenz: ([Datei]:[Zeile])
Namespacetools

Activities

ChristianAchatz

2018-08-25 12:36

administrator   ~0000833

Hey dave,

thank you for reporting!

I've added the "." character as this has already prooven a good solution in JsCssInclusionAction.

ChristianAchatz

2018-08-25 12:37

administrator   ~0000834

See changes under https://github.com/AdventurePHP/code/commit/f9a82e2e8381ab52a8de789976b06ae9d525e79b.

Related Changesets

Import 2018-08-25 14:21:19: master f9a82e2e

2018-08-25 12:37:19

Christian Achatz

Details Diff
ID#335: fixed issues with "." characters in file names. Affected Issues
0000335
mod - tools/media/actions/StreamMediaAction.php Diff File

Issue History

Date Modified Username Field Change
2018-03-23 21:59 dave New Issue
2018-03-23 22:00 dave Description Updated View Revisions
2018-08-25 12:36 ChristianAchatz Note Added: 0000833
2018-08-25 12:37 ChristianAchatz Assigned To => ChristianAchatz
2018-08-25 12:37 ChristianAchatz Status new => resolved
2018-08-25 12:37 ChristianAchatz Resolution open => fixed
2018-08-25 12:37 ChristianAchatz Fixed in Version => 4.0
2018-08-25 12:37 ChristianAchatz Note Added: 0000834
2018-08-25 14:42 ChristianAchatz Changeset attached => Import 2018-08-25 14:21:19 master f9a82e2e