I didn't program MediaWiki, but on Wikipedia it seems to be working
well. I just realized that we haven't solved that problem with the charset; I
have just changed the charset sent by php ... you're right about the "double
encoding" to utf-8: Apache/php think that it is something else and
encode it once more. But how can we tell php that it is in utf-8? I
don't know. :-D Can it be called a bug when there is no way to detect the
charset of an uploaded filename?
André Warnier wrote:
Jiří Eichler wrote:
Man you are incredible.
I had to leave that part..
...
(I removed the part about the idiot however..)
...
I didn't think that it is problem with php, it ran on Linux well.
It runs under Linux well, probably /only/ because the locale of the
process under which Apache + PHP is started, is a UTF-8 locale.
So by default, PHP is considering the filename string as UTF-8, and
you do not see the problem.
But if you want to make this really portable, you should also make
sure it always does it right under whatever OS and whatever locale.
Unfortunately, it is not easy, because the browser does not actually
tell you in which character set it sends the filename. So you have to
"believe" that this is /your/ <form>, and that the browser does it
correctly.
I still think that it is a bad idea to save the file under the
original name given by the browser, for a number of reasons.
Let me give you a couple more reasons :
1) It is easy for a hacker, to create his own "HTTP agent" (browser).
He does not even have to create one, there are many programs available
that do that.
This client could send you a file named
"myfile.txt > /etc/passwd"
or "file.txt ; rm -r /*"
Then you, on the server, use that filename in another command, like
system("cat " . $filename . " > myotherfile");
Got the idea ?
2) I once designed an application like that, for normal users, not
hackers. And they used it for a long time, without problems.
Then one day, years later, I had to move all these thousands of
uploaded files to another system. So, I used "tar" to create an
archive of these files, to move them to the other system.
Unfortunately, tar was crashing about every 50 files, because it got a
filename that it could not handle, like
"My grand-mother At the <Pizza Hut>. Near the place of John & Maria".png
(that being a simple case)
So it took me a lot of hours to move these files.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
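
One way to apply the advice in the message above, as an added example that is not part of the original thread: the upload is stored under a server-generated name, the client-supplied name is kept only as metadata if it is valid UTF-8, and any shell argument is quoted explicitly. `ALLOWED_EXT`, `UPLOAD_DIR`, the form field name `f` and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example. ALLOWED_EXT and UPLOAD_DIR are assumed values, not from the thread.
const ALLOWED_EXT = ['txt', 'png', 'jpg', 'pdf'];
const UPLOAD_DIR  = '/var/uploads';

// Server-generated storage name: the client string never becomes a path.
function storage_name(string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        $ext = 'bin';               // unknown or missing extension
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// The original name is kept only as metadata (e.g. a database column).
function display_name(string $clientName): string
{
    // The browser does not declare the filename charset, so accept the
    // bytes only if they are valid UTF-8; never re-encode on a guess.
    if (preg_match('//u', $clientName) !== 1) {
        return '(undecodable name)';
    }
    // Drop control characters; HTML-escape at output time.
    return preg_replace('/[\x00-\x1F\x7F]/u', '', $clientName);
}

// Constructed inputs: the names quoted in the thread plus one Latin-1 name.
$samples = [
    'myfile.txt > /etc/passwd',
    'file.txt ; rm -r /*',
    '"My grand-mother At the <Pizza Hut>. Near the place of John & Maria".png',
    "r\xE9sum\xE9.txt",             // ISO-8859-1 bytes, invalid as UTF-8
];

foreach ($samples as $clientName) {
    $stored = storage_name($clientName);
    // In a real handler (field name 'f' assumed):
    //   move_uploaded_file($_FILES['f']['tmp_name'], $path)
    $path = UPLOAD_DIR . '/' . $stored;
    // If a shell command is unavoidable, quote the argument explicitly.
    $cmd = 'cat ' . escapeshellarg($path) . ' > myotherfile';
    printf("%-20s | %s | %s\n", display_name($clientName), $stored, $cmd);
}
```

Because the stored names contain only hex digits and an allowlisted extension, tools such as tar never see the characters that caused the trouble described in point 2.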