News:

Looking for documentation? Take a look on our wiki

Main Menu

Sanitize filenames during upload

Started by sandomatyas, November 30, 2023, 16:56:52 PM

Previous topic - Next topic

sandomatyas

When uploading media, VM utilizes vmUploader.uploadFile() for the process. Let's assume your filename is 'birdéá birdéá.jpg,' containing special characters and spaces. The method employs $safeMediaName = vmFile::makeSafe($media['name']);, but it yields the same result, 'birdéá birdéá.jpg.'

When dealing with unicode filenames, this approach may lead to several issues. Consider implementing additional filters. After the aforementioned step, you could add $media['name'] = JFile::makeSafe($media['name']);, which provides a nearly satisfactory result: 'birdea birdea.jpg.' However, note that JFile::makeSafe retains spaces, which may not be ideal. To address this, you can add another line: $media['name'] = preg_replace('/[^a-zA-Z0-9_\-.]/', '_', $media['name']);. This ensures the safest version of the original name: 'birdea_birdea.jpg.'


$media['name'] = JFile::makeSafe( $media['name'] );
$media['name'] = preg_replace('/[^a-zA-Z0-9_\-.]/', '_', $media['name']);

What are your thoughts on this approach?