[closed] Uploaded media assets should not contain spaces


#1

Continuing the discussion from FarCry Workbench Project:

We need to double check (again) that all uploaded media assets are sanitised to not include illegal characters (with respect to the URL). Spaces (and other illegal chars) should be replaced with dashes -.


#2

@justincarter @blair where did we get with a review of media file name sanitisation?


#3

White spaces are still being left in the file name. (FC7.2.4)
There are a couple of instances where in lib.cdn.normalizePath()
reReplaceNoCase(arguments.path, "[^a-z0-9\.\-\_/ ]","", "all")
should possibly be
reReplaceNoCase(arguments.path, "[^a-z0-9\.\-\_/]","", "all")
I’d do a pull request but this does mess with existing files and the formtool displaying the images.
sanitizeFilename() (which should do the job) doesn’t look like it’s being called by anything. Is that right?

Phil


#4

I just discovered that a site that I’d updated to 7.x last year (possibly started life as a 5.x) had issues with the image library if the image file names weren’t santitised originally. eg mypic (2).jpg . If you tried to edit the image (eg the title,alt) it would loose the actual image files completely because farcry would sanitise the path in the DB but not the file itself.
So I created a little script to run over the images in the image library and sanitise both the entries in the DB and files themselves.
It might be helpful for someone in crisis (as I was).
Phil

<cfset qImages = application.fapi.getcontentobjects(typename="dmImage")>
<cfset oIMG = createobject("component",application.stCOAPI['dmImage'].packagepath)>
<cfset lImageVarNames = "sourceimage,standardimage,thumbnailimage" />
<cfset bTest = true><!--- change this to false when your ready to do the changes --->
<cfif bTest>
<h2>This is just test run</h2>
</cfif>
<ul>
<cfloop query="qImages">
<cfset sImage = application.fapi.getcontentobject(objectid="#qImages.objectid#")> 
<cfoutput><li><strong>#sImage.title#</strong></li></cfoutput>
<!--- create a new normalised path and name --->
<cfloop index="i" list="#lImageVarNames#">
    <cfset "New#i#" = application.fc.lib.cdn.normalizePath(evaluate("sImage."&i))>
</cfloop>

<!--- rename the file --->
<cfloop index="i" list="#lImageVarNames#">
<cftry>
    <cfif evaluate("New"&i) NEQ evaluate("sImage."&i)>
    <cfoutput><li>Renaming #i# to #evaluate("New"&i)#</li></cfoutput>
        <cfif NOT bTest>
            <cffile  action = "rename" destination = "#ExpandPath(evaluate("New"&i))#" source = "#ExpandPath(evaluate("sImage."&i))#">
        </cfif>
    <cfelse>
    <cfoutput><li>No Rename required for #i#</li></cfoutput>
    </cfif>
<cfcatch><cfoutput><li>Error #cfcatch.Detail#</li></cfoutput></cfcatch>
</cftry>
</cfloop>
<!--- update the image locations in the struct --->
<cfloop index="i" list="#lImageVarNames#">
    <cfset "sImage.#i#" = evaluate("New"&i)>
</cfloop>

<!--- set the data ---->
<cfif NOT bTest>
    <cfset oIMG.setData(stProperties=sImage,user='admin')>
</cfif>
</cfloop>
</ul>

#5

Filenames are now sanitized for file uploads, fixed in this ticket for the head of p700, p710 and p720:
https://farcry.jira.com/browse/FC-3085