Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Add Inventory item, Image upload failed...
09-11-2019, 11:23 AM, (This post was last modified: 09-11-2019, 12:50 PM by TurboPT.)
#17
RE: Add Inventory item, Image upload failed...
Tim, looking at the Stocks.php handling, the situation may be easier to solve than expected? (and possibly save some time and trouble messing with all the other scripts?)

The image file upload handling from lines 84 to 121 has the potential to use the $StockID as-is before checking for any illegal characters, which is not done until line 157.
Assuming no issues with the other file checks, a (potentially) bad StockID will be moved/used at line 119.

Not sure if we have this situation anywhere else, but noted this last night digging in to why only Stocks.php seemed to suddenly have this issue, brought to light by Alex's situation.

Apparently, it has been this way for awhile.
The only caveat that I can think about at the immediate moment, is the impact to existing stockID's that already have / in use.

=====

The / does not seem to be trouble for URLs, as we pass StockID around quite a bit, and this character has not been restricted, but IS a problem when it comes to file naming.
Will we need separate handling for file names vs URLs? (I hope not, but I'm open to any ideas/thoughts for best handling)

It seems that Windows has far more restrictions on file/directory characters (and naming) that can be used with Linux.

The Windows list looks more like our current illegal character set:
https://docs.microsoft.com/en-us/windows...tory-names Wrote:Use any character in the current code page for a name, including Unicode characters and characters in the extended character set (128–255), except for the following:

The following reserved characters:
< (less than)
> (greater than)
: (colon)
" (double quote)
/ (forward slash)
\ (backslash)
| (vertical bar or pipe)
? (question mark)
* (asterisk)

Integer value zero, sometimes referred to as the ASCII NUL character.

Characters whose integer representations are in the range from 1 through 31, except for alternate data streams where these characters are allowed. For more information about file streams, see File Streams.

Any other character that the target file system does not allow.

Do not use the following reserved names for the name of a file:

CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7,
COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and
LPT9. Also avoid these names followed immediately by an extension; for example, NUL.txt is not recommended.

Linux:
https://unix.stackexchange.com/a/155836 Wrote:You can use any characters except for null and / within a filename in modern Unix and Linux filesystems.

So I'm not sure if adding the / to the current illegal character handling is best, for most of those can be used with file names, depending on the system.
Reply


Messages In This Thread
RE: Add Inventory item, Image upload failed... - by TurboPT - 09-11-2019, 11:23 AM

Forum Jump:


Users browsing this thread: 1 Guest(s)