On Wednesday 17 February 2010 23:33:22 Evan Daniel wrote:
> On Wed, Feb 17, 2010 at 5:26 PM, xor <xor at gmx.li> wrote:
> > On Wednesday 17 February 2010 19:45:27 Evan Daniel wrote:
> >> On Wed, Feb 17, 2010 at 12:21 PM, Matthew Toseland
> >>
> >> <toad at amphibian.dyndns.org> wrote:
> >> > + private static final boolean operatingSystemIsWindows() { //
> >> > TODO: Move to the proper class + try {
> >> > + return
> >> > System.getProperty("os.name").toLowerCase().indexOf("win") >= 0; +
> >> > } catch(Throwable t) {
> >> > + return true; // :)
> >> > + }
> >> > + }
> >> >
> >> > IMHO this is dodgy, other OSs might have "win" in them. Normally we
> >> > just check if File.separator is "\".
> >> >
> >> > I am not convinced that the rest of the change is a good idea. For
> >> > example allowing HTML markup in filenames might combine with sloppy
> >> > code to cause problems. Allowing % in url's might again cause issues.
> >> > Allowing
> >> > pipes, <>, and spaces might cause problems with filenames copied to a
> >> > shell. I guess it should depend on the configuration i.e. how paranoid
> >> > the user is.
> >>
> >> Similarly, as I've mentioned on IRC, I think we should take a set of
> >> characters that will work on all common OSes (modern Windows, Linux,
> >> OSX, BSDs) and filter to that regardless of host OS, and that we
> >> should filter both on upload and download. This would make it vastly
> >> simpler to have one person upload a file, and then have a second
> >> download it and re-upload it and produce the same key. Inserts of the
> >> same file that produce different keys is going to be a continuing
> >> problem in making file sharing work well. Obviously as long as we
> >> include the filename in the metadata it's not completely solvable, but
> >> we can at least try to avoid making the problem any worse.
> >
> > I agree that we need re-inserts to work. It was one of my goals with the
> > new sanitizer: The old one removed very common characters such as
> > brackets. And as it is only being used when downloading files and not
> > when inserting them, people who have downloaded an affected file could
> > not reinsert it without renaming (which nobody will do).
> >
> > However, we cannot have a strict list of forbidden characters which is
> > applied for all operating systems because some OS forbid very common and
> > useful characters: Windows for example does not allow the question mark
> > "?" in filenames. This sucks. What would be acceptable is to have a
> > config option "Remove problematic characters from filenames when
> > downloading and uploading files" and have it enabled by default. This
> > should as the name says also change the current behavior to also sanitize
> > filenames before uploading.
> >
> > I don't really know how to properly implement configuration options in
> > fred but I could write the sanitizing code ... maybe someone can
> > implement the config option for me?
>
> That config option sounds like an entirely reasonable approach to me.
I will write the backend sanitize() function for it and toad will wire it in.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20100220/7a5b28e8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20100220/7a5b28e8/attachment.pgp>
