Active
Project:
Node Images
Version:
5.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
25 Mar 2008 at 18:01 UTC
Updated:
26 Mar 2008 at 08:20 UTC
Files containing a single quote in the name upload ok and get thumbnailed ok.
But when you click on a thumbnail, the popup doesn't shows.
I've found the problem in a lacking of escaping the file name, but I'm not sure if to use htmlspecialchars() or I should resort to some other (Drupal API friendly) function, but I'm a bit of lost in the Drupal API.
Plz, someone tell me and I'll be more than glad to fix and commit a patch.
Also, if some developer is reading I think it will be a 2 min fix, so feel free to go ahead, since I'm not too familiar with the commiting process :)
Thank you.
Comments
Comment #1
amonteroI've fixed it temporarily by adding an addslashes() call when the JS code is generated.
Comment #2
andypostI think it's better to setup md5-filenames
or change $file->filename = preg_replace('/[ \'"]+/', '_', $file->filename);