17718: sanitize_filename didn't really fix filename for all system

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

17718	Bug reports	LimeSurvey Website	public	2021-11-12 09:56	2023-05-29 11:18

Reporter	DenisChenu	Assigned To	c_schmitz
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	5.2.x

Summary	17718: sanitize_filename didn't really fix filename for all system
Description	Some issue with sanitize_filename, the majour one is didn't remove \ (for windows)
Steps To Reproduce	Steps to reproduce Install included plugin and check the tester, see the 3 false (no beautify) Expected result Issue with starting with special characters ( see issue 14091) even with invalid locale Issue with (,),[ and ] : no issue in any system, why remove it without beautify ? issue with multiple space and no beautify issue with \ (i can give a link if someone have a windows) Actual result See screenshot
Tags	No tags attached.
Attached Files	Capture d’écran du 2021-11-12 09-54-56.png (75,470 bytes) Capture d’écran du 2021-11-12 09-54-56.png (75,470 bytes) testSanitizeFileName.zip (2,394 bytes)

Bug heat	6
Complete LimeSurvey version number (& build)	5.2.1
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	not relevant
Server OS (if known)	debian
Webserver software & version (if known)	nginx
PHP Version	php7.4

User List	There are no users monitoring this issue.

DenisChenu 2021-11-12 09:57 developer ~67267	Can you check and see what must be really fixed ? I must test a file with "\" uploaded via linux on a linux server but try to download via windows.

DenisChenu 2021-11-15 15:55 developer ~67331	I must test a file with "\" uploaded via linux on a linux server but try to download via windows. Seems $_FILES['uploadfile']['name'] remove the \ here … send `Check\..\..\brokewindows.txt` : get brokewindows.txt without any other fix on filamne (maybe some JS ?)

c_schmitz 2022-02-01 10:23 administrator ~68159	Check out https://github.com/LimeSurvey/LimeSurvey/pull/2225 Screenshot 2022-02-01 at 10-23-08 LimeSurvey.png (69,385 bytes) Screenshot 2022-02-01 at 10-23-08 LimeSurvey.png (69,385 bytes)

DenisChenu 2022-02-01 11:17 developer ~68162	Great !

c_schmitz 2022-02-02 16:29 administrator ~68186	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=33139

c_schmitz 2022-02-04 15:27 administrator ~68208	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=33143

LimeBot 2022-02-07 11:51 administrator ~68222	Fixed in Release 5.2.13+220207

LimeSurvey: master aa00a0a5 2022-02-02 16:29:02 c_schmitz Committer: GitHub Details Diff	Various file upload issues (#2225) * Fixed issue: [security] Possible XSS in file upload question type * Fixed issue: In file upload question type any file with non-alphanumeric multi-byte characters may not properly show * Fixed issue: File upload question type preview not working * Fixed issue: File upload question type popup not showing correct title * Fixed issue: [security] Possible XSS in file upload question type * Fixed issue: Title & comment not shown for file upload question when navigating back and forth * Fixed issue 17718: In file upload question type any file with non-alphanumeric multi-byte characters may not properly show * Fixed issue 17718: In file upload question type any file with non-alphanumeric multi-byte characters may not properly show * Dev Removed basename because it is not needed anymore * Dev Better error message if file is not found or inaccessible for download * Dev Tiny CSS fix * Dev Fixed top line when listing uploaded question in responses * DEv Minified file * Dev Removed obsolete script load * Dev Minor display fixes	Affected Issues 17718
	mod - application/controllers/ResponsesController.php	Diff File
	mod - application/controllers/UploaderController.php	Diff File
	mod - application/helpers/common_helper.php	Diff File
	mod - application/helpers/expressions/em_manager_helper.php	Diff File
	mod - application/helpers/qanda_helper.php	Diff File
	mod - application/helpers/sanitize_helper.php	Diff File
	mod - application/models/SurveyDynamic.php	Diff File
	mod - application/views/survey/questions/answer/file_upload/answer.twig	Diff File
	mod - assets/packages/questions/upload/build/uploadquestion.js	Diff File
	mod - assets/packages/questions/upload/build/uploadquestion.min.js	Diff File
	mod - assets/packages/questions/upload/src/modaldialog.js	Diff File
	mod - assets/packages/questions/upload/styles/uploader.css	Diff File
	mod - assets/styles-public/browse.css	Diff File
LimeSurvey: master 30d8f213 2022-02-04 15:27:38 c_schmitz Details Diff	Fixed issue 17718: In file upload question type any file with non-alphanumeric multi-byte characters may not properly show Fixed issue: Title & comment not shown for file upload question when navigating back and forth Fixed issue: [security] Possible XSS in file upload question type Fixed issue: File upload question type popup not showing correct title Fixed issue: File upload question type preview not working Dev Removed information about Scrutiziner Dev Fake commit to enter missing information about commit aa00a0a5	Affected Issues 17718
	mod - README.md	Diff File

Date Modified	Username	Field	Change
2021-11-12 09:56	DenisChenu	New Issue
2021-11-12 09:56	DenisChenu	File Added: Capture d’écran du 2021-11-12 09-54-56.png
2021-11-12 09:56	DenisChenu	File Added: testSanitizeFileName.zip
2021-11-12 09:57	DenisChenu	Assigned To	=> c_schmitz
2021-11-12 09:57	DenisChenu	Status	new => feedback
2021-11-12 09:57	DenisChenu	Note Added: 67267
2021-11-12 09:57	DenisChenu	Bug heat	0 => 2
2021-11-12 10:45	DenisChenu	Relationship added	related to 14091
2021-11-15 15:55	DenisChenu	Note Added: 67331
2021-11-15 15:55	DenisChenu	Status	feedback => assigned
2022-02-01 10:23	c_schmitz	Note Added: 68159
2022-02-01 10:23	c_schmitz	File Added: Screenshot 2022-02-01 at 10-23-08 LimeSurvey.png
2022-02-01 10:23	c_schmitz	Bug heat	2 => 4
2022-02-01 11:17	DenisChenu	Note Added: 68162
2022-02-02 16:29	c_schmitz	Changeset attached	=> LimeSurvey master aa00a0a5
2022-02-02 16:29	c_schmitz	Note Added: 68186
2022-02-02 16:29	c_schmitz	Resolution	open => fixed
2022-02-04 15:27	c_schmitz	Changeset attached	=> LimeSurvey master 30d8f213
2022-02-04 15:27	c_schmitz	Note Added: 68208
2022-02-05 19:48	c_schmitz	Status	assigned => resolved
2022-02-07 11:51	LimeBot	Note Added: 68222
2022-02-07 11:51	guest	Bug heat	4 => 6
2022-02-07 11:51	LimeBot	Bug heat	6 => 4
2022-02-07 11:51	LimeBot	Status	resolved => closed
2022-02-07 11:51	LimeBot	Bug heat	4 => 6
2023-05-29 11:18	DenisChenu	Relationship added	related to 18844

View Issue Details

Steps to reproduce

Expected result

Actual result

Relationships

Users monitoring this issue

Activities

Related Changesets

Issue History

related to	14091	closed	c_schmitz	Filenames of uploads starting with special characters truncated with invalid setlocale
related to	18844	new		In file upload question, file names are obtained incorrectly, if file name starts with double-byte characters.