On Wednesday 17 February 2010 22:26:54 xor wrote: > On Wednesday 17 February 2010 19:45:27 Evan Daniel wrote: > > On Wed, Feb 17, 2010 at 12:21 PM, Matthew Toseland > > > > <[email protected]> wrote: > > > + private static final boolean operatingSystemIsWindows() { // > > > TODO: Move to the proper class + try { > > > + return > > > System.getProperty("os.name").toLowerCase().indexOf("win") >= 0; + > > > } catch(Throwable t) { > > > + return true; // :) > > > + } > > > + } > > > > > > IMHO this is dodgy, other OSs might have "win" in them. Normally we just > > > check if File.separator is "\". > > > > > > I am not convinced that the rest of the change is a good idea. For > > > example allowing HTML markup in filenames might combine with sloppy code > > > to cause problems. Allowing % in url's might again cause issues. Allowing > > > pipes, <>, and spaces might cause problems with filenames copied to a > > > shell. I guess it should depend on the configuration i.e. how paranoid > > > the user is. > > > > Similarly, as I've mentioned on IRC, I think we should take a set of > > characters that will work on all common OSes (modern Windows, Linux, > > OSX, BSDs) and filter to that regardless of host OS, and that we > > should filter both on upload and download. This would make it vastly > > simpler to have one person upload a file, and then have a second > > download it and re-upload it and produce the same key. Inserts of the > > same file that produce different keys is going to be a continuing > > problem in making file sharing work well. Obviously as long as we > > include the filename in the metadata it's not completely solvable, but > > we can at least try to avoid making the problem any worse. > > I agree that we need re-inserts to work. It was one of my goals with the new > sanitizer: The old one removed very common characters such as brackets. And > as > it is only being used when downloading files and not when inserting them, > people who have downloaded an affected file could not reinsert it without > renaming (which nobody will do). > > However, we cannot have a strict list of forbidden characters which is > applied > for all operating systems because some OS forbid very common and useful > characters: Windows for example does not allow the question mark "?" in > filenames. This sucks. What would be acceptable is to have a config option > "Remove problematic characters from filenames when downloading and uploading > files" and have it enabled by default. This should as the name says also > change > the current behavior to also sanitize filenames before uploading.
As I understand it your code does not remove : ? etc on Windows, it only removes stuff that cannot be represented in ISO-8859-1 or UTF-8 or whatever the default is.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/devl
