News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Sanitize filenames during upload

Started by sandomatyas, November 30, 2023, 16:56:52 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

sandomatyas

November 30, 2023, 16:56:52 PM
When uploading media, VM utilizes vmUploader.uploadFile() for the process. Let's assume your filename is 'birdéá birdéá.jpg,' containing special characters and spaces. The method employs $safeMediaName = vmFile::makeSafe($media['name']);, but it yields the same result, 'birdéá birdéá.jpg.'

When dealing with unicode filenames, this approach may lead to several issues. Consider implementing additional filters. After the aforementioned step, you could add $media['name'] = JFile::makeSafe($media['name']);, which provides a nearly satisfactory result: 'birdea birdea.jpg.' However, note that JFile::makeSafe retains spaces, which may not be ideal. To address this, you can add another line: $media['name'] = preg_replace('/[^a-zA-Z0-9_\-.]/', '_', $media['name']);. This ensures the safest version of the original name: 'birdea_birdea.jpg.'

Code Select

$media['name'] = JFile::makeSafe( $media['name'] );
$media['name'] = preg_replace('/[^a-zA-Z0-9_\-.]/', '_', $media['name']);

What are your thoughts on this approach?
Print
Go Up Pages1
User actions