xor пишет:
On Wednesday 17 February 2010 19:45:27 Evan Daniel wrote:
> On Wed, Feb 17, 2010 at 12:21 PM, Matthew Toseland
>
> <[email protected]> wrote:
> > + private static final boolean operatingSystemIsWindows() { //
> > TODO: Move to the proper class + try {
> > + return
> > System.getProperty("os.name").toLowerCase().indexOf("win") >= 0; +
> > } catch(Throwable t) {
> > + return true; // :)
> > + }
> > + }
> >
> > IMHO this is dodgy, other OSs might have "win" in them. Normally we
just
> > check if File.separator is "\".
> >
> > I am not convinced that the rest of the change is a good idea. For
> > example allowing HTML markup in filenames might combine with sloppy
code
> > to cause problems. Allowing % in url's might again cause issues.
Allowing
> > pipes, <>, and spaces might cause problems with filenames copied to a
> > shell. I guess it should depend on the configuration i.e. how paranoid
> > the user is.
>
> Similarly, as I've mentioned on IRC, I think we should take a set of
> characters that will work on all common OSes (modern Windows, Linux,
> OSX, BSDs) and filter to that regardless of host OS, and that we
> should filter both on upload and download. This would make it vastly
> simpler to have one person upload a file, and then have a second
> download it and re-upload it and produce the same key. Inserts of the
> same file that produce different keys is going to be a continuing
> problem in making file sharing work well. Obviously as long as we
> include the filename in the metadata it's not completely solvable, but
> we can at least try to avoid making the problem any worse.
I agree that we need re-inserts to work. It was one of my goals with the
new sanitizer: The old one removed very common characters such as
brackets. And as it is only being used when downloading files and not
when inserting them, people who have downloaded an affected file could
not reinsert it without renaming (which nobody will do).
However, we cannot have a strict list of forbidden characters which is
applied for all operating systems because some OS forbid very common and
useful characters: Windows for example does not allow the question mark
"?" in filenames. This sucks. What would be acceptable is to have a
config option "Remove problematic characters from filenames when
downloading and uploading files" and have it enabled by default. This
should as the name says also change the current behavior to also
sanitize filenames before uploading.
I don't really know how to properly implement configuration options in
fred but I could write the sanitizing code ... maybe someone can
implement the config option for me?
Also keep in mind contextual problems. A full stop '.', for example, is allowed
in Windows, but not if it's the last character in the file name (if you have
dual boot try to add . at the end of the filename in a real os, and then open in
in windows, it will tell you file doesn't exist.
- Volodya
--
http://freedom.libsyn.com/ Echo of Freedom, Radical Podcast
http://www.freedomporn.org/ Freedom Porn, anarchist and activist smut
"None of us are free until all of us are free." ~ Mihail Bakunin
_______________________________________________
Devl mailing list
[email protected]
http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/devl