Problem with image popup in filenames with single quote (')
amontero - March 25, 2008 - 18:01
| Project: | Node Images |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
Files containing a single quote in the name upload ok and get thumbnailed ok.
But when you click on a thumbnail, the popup doesn't shows.
I've found the problem in a lacking of escaping the file name, but I'm not sure if to use htmlspecialchars() or I should resort to some other (Drupal API friendly) function, but I'm a bit of lost in the Drupal API.
Plz, someone tell me and I'll be more than glad to fix and commit a patch.
Also, if some developer is reading I think it will be a 2 min fix, so feel free to go ahead, since I'm not too familiar with the commiting process :)
Thank you.
#1
I've fixed it temporarily by adding an addslashes() call when the JS code is generated.
#2
I think it's better to setup md5-filenames
or change $file->filename = preg_replace('/[ \'"]+/', '_', $file->filename);