The secure CMS.

Welcome to Geeklog, Anonymous Thursday, May 02 2024 @ 03:12 am EDT

Geeklog Forums

Bug in user photo upload code?

 New Topic  Post Reply
 03/04/09 11:38pm (Read 1,414 times)  
Status: offline

monoclast

Forum User
Junior
Registered: 07/08/06
Posts: 26
I noticed if a user name on my Geeklog site has the "?" character in it (for instance "SL?monoclast"Wink, their user photos won't display. It turns out Geeklog renames user photos on upload with the name of the user (for instance "SL?monoclast.jpg"Wink:

From line 790 of "usersettings.php":
$filename = $_USER['username'] . '.' . $fextension;

The problem is, since the "?" character is a special reserved character in URLs, web browsers cannot display the resulting image.

Question 1: Is there a function I can call on this file name to replace restricted characters before saving the file?

Question 2: How can we make sure this is fixed in future versions of Geeklog
-mono
 Quote
 03/05/09 04:27am  
Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Sounds like a bug which you may report in http://project.geeklog.net/tracking/

I think it is not really necessary to avoid the '?' in the username but to change it in display. If you look at this list http://www.w3schools.com/tags/ref_urlencode.asp a '?' should be '%3F' in the URL, if I understand this correctly.
 Quote
 03/05/09 05:28am  
Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
As Markus said: Submit a bug report, please. You already provided a good description of the problem - you could pretty much copy that into the bug report.

The underlying problem is that Geeklog is a bit too lax about the characters it accepts for usernames. That would be easy to fix for new sites but requires a migration strategy for existing sites.

bye, Dirk
 Quote
 03/05/09 06:00am  
Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Quote by: Dirk

Geeklog is a bit too lax about the characters it accepts for usernames.



Hm, as for me it can`t be lax enough :wink: I quite like the ability to use a name like "the three ???" or so. One also has to take into account that there are languages not using latin letters. But of course it should work propperly when showing the user pic.
 Quote
 03/06/09 01:23pm  

monoclast

Anonymous
Quote by: Dirk

As Markus said: Submit a bug report, please. You already provided a good description of the problem - you could pretty much copy that into the bug report.

The underlying problem is that Geeklog is a bit too lax about the characters it accepts for usernames. That would be easy to fix for new sites but requires a migration strategy for existing sites.

bye, Dirk


Thank you. I have reported the bug here:

http://project.geeklog.net/tracking/view.php?id=824

I am of the opinion that punctuation characters such as "?" should be allowed in user names. The real issue, IMO, is that Geeklog isn't properly encoding the user name for inclusion in a URL when it names the image file.
 Quote
 03/06/09 01:27pm  
Status: offline

monoclast

Forum User
Junior
Registered: 07/08/06
Posts: 26
Quote by: 1000ideen

Sounds like a bug which you may report in http://project.geeklog.net/tracking/

I think it is not really necessary to avoid the '?' in the username but to change it in display. If you look at this list http://www.w3schools.com/tags/ref_urlencode.asp a '?' should be '%3F' in the URL, if I understand this correctly.


Right. Thanks.

FYI:

To fix the problem in the mean time, I've changed line 970 of usersettings.php to this:

Text Formatted Code
790 $username = str_replace ('?', '_', $_USER['username']);
791 $username = str_replace ('!', '_', $username);
792 $filename = $username . '.' . $fextension;
-mono
 Quote
 New Topic  Post Reply
All times are EDT. The time is now 03:12 am.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content