Thank you for reply. > function cleanFilenameDocument($name) Yes,I can modify it.
I wan't to know there is what kind of security risk if we don't use this function. For example,SQL injection attacks is disturbing.How much concern should we pay? Regards. +----------------------------------+ + Naoki Tsujimoto/A.C.Wartz & Co. + + <[email protected]> + +----------------------------------+ > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of MoYo > Sent: Tuesday, January 06, 2009 4:18 AM > To: Liste de diffusion des utilsateurs de GLPI > Subject: Re: [Glpi-user] an issue of 2bytes charactor file name > > ?? ?? a écrit : > > Hi to everyone, > > > > My name is Tsujimoto,translator of the GLPI > internationalisation ja_JP. > > > > We have an issue in keeping and managing documents in GLPI. > > When we upload documents with a file name of 2 bytes from > Windows PC, the file name has been transformed into > meaningless word(but we can download them normally). > > Japanese language needs 2 bytes, therefore, this is a > crucial issue to GLPI usage for Japanese language user. > > It would be very much appreciated if you provide us with a > solution for this issue. > > > > Hi, > > For security reason we clean filename before saving it using > this function : > /** > * Clean a filename to keep alphanum chars + -_. > * > * @param name filename to clean > **/ > function cleanFilenameDocument($name){ > return preg_replace("/[^a-zA-Z0-9\-_\.]/","_",$name); > } > > > You can modify it for the moment. > After we can study the fact that this cleaning is optional or > find another cleaning process. > > What do you think about that ? > > Regards > > Julien > > > _______________________________________________ > Glpi-user mailing list > [email protected] > https://mail.gna.org/listinfo/glpi-user > _______________________________________________ Glpi-user mailing list [email protected] https://mail.gna.org/listinfo/glpi-user
