Item12640: don't screw up filenames
Priority: Enhancement
Current State: Closed
Released In: n/a
Target Release:
Calling
$fileName = Foswiki::Sandbox::untaint($fileName, \&Foswiki::Sandbox::validateAttachmentName);
will rewrite the
fileName
in a rather unexpected way: it removes all suspicious characters - like a space. Uploading it to foswiki these chars not passing the
{NameFilter}
as configured in
LocalSite.cfg
will be rewritten
using underscores. Not so Foswiki::Sandbox::validateAttachmentName ... which renders it useless for xsendfile (and viewfile actually too).
--
MichaelDaum - 06 Nov 2013