Summary
There is an input/display interaction problem with the File widget edit form's "Allowed file extensions" input field.
Current Operation
- The "Allowed file extensions" field allows extensions to be separated by either a space or a comma. e.g. "txt doc rtf"
- When it displays the extensions, they are separated by both a space and a comma. e.g. "txt, doc, rtf"
- The field has a length restriction of 128.
Problem Statement
It is possible to enter field data which can be saved once, but not can be saved if the field is edited at a later time.
Example
- If you enter a list of 30 extensions, each 3 characters long separated by a space, the line length is 119 characters (30x4-1) and will be saved.
- When the field is displayed on the next edit the field value now has an extra character per extension. The space has been transformed into a space plus comma. The length is now 148 characters (30x5-2) and can not be saved.
- Error message: Allowed file extensions cannot be longer than 128 characters but is currently 148 characters long
Work Around
Edit the field content to remove commas or spaces.
Possible Solutions
- Display the extensions separated by only a space
- Make the length checking sophisticated enough to take the input and display differences into account
Comment | File | Size | Author |
---|---|---|---|
#56 | 1708476-56.patch | 3.99 KB | Lendude |
| |||
#56 | interdiff-1708476-54-56.txt | 740 bytes | Lendude |
#54 | 1708476-54.patch | 3.12 KB | Lendude |
#54 | 1708476-54-TEST_ONLY.patch | 1.82 KB | Lendude |
#43 | 1708476-43.patch | 4.89 KB | aerozeppelin |
Issue fork drupal-1708476
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
Comments
Comment #1
Danny EnglanderI think this is probably related, I just ran into this issue myself. Once it's done for Drupal 8, it will hopefully be back-ported for Drupal 7.Comment #2
marcingy CreditAttribution: marcingy commentedDuplicate of #997900: Not possible to allow uploading files with any file extension
Comment #3
dale42This is not a duplicate of #997900. That issue refers to the inability of using a wild card or some other method to allow any file to be uploaded.
This issue refers to a case where it is possible to enter a string of extensions and then not be able to go back and edit/save the form because the system has displayed the string differently, making it longer than the allowable field length. i.e. It's possible to save a string of file extensions and not be able to subsequently edit/change it.
The extremely long field length solution in #997900 would mitigate this issue, but if the separation character is changed from " " to ", " the issue could still occur.
Comment #4
Danny Englander@dale42 -- Thanks for the clarification, that makes sense now, indeed they do sound like different issues.
Comment #5
acbramley CreditAttribution: acbramley commentedEncountered the maxlength problem when trying to...well...add more than 128 characters. I don't see why this limitation would exist. Here's a patch to increase it to 255.
Comment #6
boyan.borisov CreditAttribution: boyan.borisov commentedComment #7
vacho CreditAttribution: vacho commentedThis patch works (#5)
Comment #8
WebSinPat CreditAttribution: WebSinPat commentedpatch in #5 works for me.
Comment #9
seanrThis same bug afflicts the file_entity module. I can confirm that this same fix works in both instances with no adverse effects. Marking RTBC.
Comment #10
ar-jan CreditAttribution: ar-jan commentedChanging version, since this isn't fixed yet.
Comment #11
David_Rothstein CreditAttribution: David_Rothstein commentedAs far as I can see, this affects Drupal 8 too, so would need to be fixed there first.
Comment #12
BoobaaHere's a forward port of #5 to D8.
Comment #13
BoobaaHere's another patch that:
I don't know if a test is necessary; probably not, as there were no tests for the 128-character limit either. That limit of 128 characters is implicitly added by Form API: a textfield's default #maxlength is 128. OTOH, the 255-character limit is just a bit higher: it could be even 1024 or 65535 or 2,147,483,648 or just about any size a config entity setting can hold.
Comment #14
jhedstromSeems if we're going to bother changing it, it should go up to at least 1024.
A test here, particularly one for the commas the form builder adds, that shows the current failure and illustrates the fix would be valuable I think.
Also, the current patch no longer applies.
Comment #15
jhedstromComment #16
gbisht CreditAttribution: gbisht commentedPatch Rerolled!
Comment #17
msound CreditAttribution: msound commentedReviewing...
Comment #18
msound CreditAttribution: msound commentedPatch #16 does not work. `form_error` is an undefined function in D8.
Also, when I add a new extenstion and save and come back to the form, my extension is missing.I'm working on a patch.
Comment #19
manningpete CreditAttribution: manningpete commentedPatch applies, removing reroll.
Comment #20
msound CreditAttribution: msound commentedThis patch builds on top of work done already. The problem with patches #13 and #16 is that they use D7's `form_error` function, which is not defined in D8. It appears that simple test is passing for those patches because the testing does not flow through that code. So, I've written additional simple tests.
Comment #21
msound CreditAttribution: msound commentedChanged the assert in #20 to a better one.
Comment #22
jhedstromThanks for adding a test! Can you upload a separate patch file that only includes the test so it can illustrate the current failure?
Comment #23
msound CreditAttribution: msound commentedThis patch is only to demonstrate the current failure in the "allowed extensions" field.
@jhedstrom Do you want me to re-roll #21 with this modification (hitting "save" twice) for regression purposes?
Comment #25
jhedstrom@msound sure, but also perhaps update the code comment as to why the double save is needed?
Comment #26
mgiffordComment #27
BarisW CreditAttribution: BarisW at LimoenGroen commentedIt might be me, but why do we make it so hard for people to enter file extensions? Does it really matter how people enter the extensions?
It's quite easy to filter out comma's, spaces and semicolons.
Can't we simply remove the description and explode on several characters, something like:
Then we sure need to fix the issue with length of the textfield. Let's increase it to 255 and set a #max_length to 200?
Comment #28
jhedstromAllowing different separators makes sense to me.
The length is already at 256--this patch bumps to 1024.
Comment #29
msound CreditAttribution: msound commentedComment #30
msound CreditAttribution: msound at Synduit commentedThis is a re-roll of #23 with clear comments. This patch should FAIL thereby proving the bug exists in core.
Comment #31
msound CreditAttribution: msound at Synduit commentedI am working on re-rolling patch #21 to include the above simpletest in patch #30.
Comment #32
msound CreditAttribution: msound at Synduit commentedPatch attached. This patch ensures that only space is used as the delimiter. This way user can make full use of the allowed 1024 characters.
This patch also cleans user input, so even if they entered periods or commas, the input will be cleaned up and accepted.
Comment #33
adamexmachina CreditAttribution: adamexmachina commentedI'm working on this at DrupalCon LA.
Comment #34
adamexmachina CreditAttribution: adamexmachina commentedI have tested patch #32 and it works for me.
+1
Comment #35
bnjmnmI'm at DrupalCon and reviewing this patch
Comment #36
BoobaaI'm not at DrupalCon LA (oh wait, it's over), but had a look at the patch in #32 and it looks good. I'm not marking as RTBC because I haven't tested it.
Comment #37
mgiffordI looked over the code. I also compared it to the site without the patch. This is a simper way forward:
I also confirmed I could us a much longer string - "txt doc wpd rdf drd3 fed3 def2 pwd pwd3 d4 de df dag ded ed dad rad nad tad jss ddd rd 3n dl 88 non none rlan ln ee re nle dea e0 dn0 no dr3 nnn ll rr nn fish h dee dg dse drd lfl wed mom ewl eee fff ggg sss wfw qqw qeqw wwq ww bb lll ere3 vdd3 se si9 le9 bad cdad sad lal lad dal ni l nil u8 ede rkrk rk kr kkr rkk" with the patch than without.
I did notice that there was no error if you went above the character length without the patch (and assume there is none with the patch either). That isn't a blockage for this issue, just something I'm noticing.
Added the string via the content types admin/structure/types/manage/article/fields/node.article.field_file
Comment #38
alexpottThis is a nice bug find. And yep the fix of being less human-friendly in one way but way more human friendly in other makes sense to me :)
why are we replacing commas here now they are not used? If we do want to do this it should be tested. I think it might make since to do this but... then the description should probably not be changed.
Why have a max length? Afaik the config storage does not have a limit.
ONly has periods now - the field no longer ignores commas
Comment #39
deepakaryan1988Removing sprint weekend tag!!
As suggested by @YesCT
Comment #40
deepakaryan1988Sorry, these issues were actually worked on during the 2015 Global Sprint
Weekend https://groups.drupal.org/node/447258
Comment #43
aerozeppelin CreditAttribution: aerozeppelin at California State University San Bernardino commentedUpdated patch as per comments in #38.
Removing the max length resulted in failing tests. So, had to keep it.
Comment #54
LendudeNeeded a reroll, so started with that. But the logic of allowed extensions has become a bit more complex since this was last rolled due to things like #3166044: Allow file extensions containing underscores
I'm not sure if we should add the bit where we are lenient about the starting dot here. If we want that, we should probably add it in a separate issue since it is something of a feature vs the bug we are trying to fix here.
So for now I've taken that out and just removed the artificial padding with commas on display and added the test coverage. Sorry no interdiff because of the reroll.
Comment #56
LendudeFix the other test.
Needs a different patch for 9.4/9.5 and not going to bother with that until this lands, so moving to D10
Comment #57
acbramley CreditAttribution: acbramley at PreviousNext for Service NSW commentedManually tested successfully, including adding commas between extensions when configuring via the form.
Agree with #55 that we should handle the leading dot in a follow-up.
Comment #58
acbramley CreditAttribution: acbramley at PreviousNext for Service NSW commentedComment #59
quietone CreditAttribution: quietone at PreviousNext commentedSorry, I think my comment in #bugsmash was mis-understood.
The first time I ran the test a string of 'php' was created which will cause the test to fail. I think the final array needs to be stripped of any extensions that will cause a failure.