Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I have an issue with "&" (ampersand) in filenames.
When i am on the edit page, the link to the uploaded file does work : http://www.mysite.com/sites/default/files/GT&W.pdf
however when i'm on the view page (like any visitor), it doesnt work : http://www.mysite.com/sites/default/files/GT%2526W.pdf
Looks like this is a bug from the module.
I will try version 6.x-3.4, but i dident see any related bug fix from version 3.3 -> 3.4.
Comment | File | Size | Author |
---|---|---|---|
#11 | ampersand.png | 12.01 KB | tmsimont |
Comments
Comment #1
quicksketchThis was actually fixed as part of the XSS security fix in the 3.4, which didn't have a related issue in the issue queue. It should now be corrected to handle special characters like
& < > " '
.Comment #2
Ludo.ROh, i did try the 3.4 version, and uploaded the file again, but the problem still remained.
For instance i installed the transliteration module, but with this solution i only get round the problem.
I'm back with version 3.3, until the new version works correctly. Then i'll try the file upload again.
Comment #4
nonzero CreditAttribution: nonzero commentedI'm having this problem with FileField 3.9. & turns into %2526 in a link's href for both node view and node edit.
Comment #5
nonzero CreditAttribution: nonzero commentedThe problem exists when Drupal is set to private files mode. In public mode, the ampersand shows up in the link correctly and the download works.
Comment #6
nonzero CreditAttribution: nonzero commentedI'm working around this by adding a str_replace in my theme's template.php:
I'm sure there's a better way.
Comment #7
quicksketchI don't plan on fixing this issue personally. I'd be happy to review patches by users who are experiencing this problem.
Comment #8
Ludo.RI had this problem with public files system too!
I dont think this is private files system related.
Comment #9
tmsimont CreditAttribution: tmsimont commentedI've got the same issue in 3.10 -- it's not just private fields, it also breaks in views, but only in certain circumstances.
In my case, I was putting the "Path to file" formatted field into a view, and then "excluding from display" -- I then rewrote another field as a link, and put the "path to file" field into the href setting.
Basically, I think this means that any time you take the field value and try to use a Drupal module that then uses l() or url() -- or if you're directly putting the filepath into l() or url() then the path gets passed through drupal_urlencode() and php's rawurlencode()
It seems that trying to work around this would be a huge headache... What if the filefield just threw a validation error when it encounters an ampersand? Wouldn't that make the most sense?
Comment #10
tmsimont CreditAttribution: tmsimont commentedbetter title
Comment #11
tmsimont CreditAttribution: tmsimont commentedi was wrong.. i just tried testing l() and url() used together in PHP and there's no issue with the ampersand. i only see this problem (with my public file system) when using views as i'd described above...
i'm not sure what about that approach causes it to break.
in the attached screenshot, the field_research_file_fid token refers to the field that is "excluded from display"
that field is configured with the "Path to file" formatter
Comment #12
tmsimont CreditAttribution: tmsimont commentedOK -- to anyone out there who finds this... i fixed my issue by changing to "URL to file" output instead of "Path to file" in the view field settings...
Sorry that doesn't help anyone having private file system problems.. unless you're using views like i was!
Comment #13
Anonymous (not verified) CreditAttribution: Anonymous commentedQuestion marks ? in the filename also seems to break the link in the views display if I use 'Link this field to download the file'.
Comment #14
quicksketchWe fixed this issue when using the "Generic File" formatter in #1249486: Properly encode public file urls with special characters in file name that were being double escaped. There are probably still lingering problems when doing Views, since we don't provide a custom handler for the display of file paths.