On Wednesday 17 February 2010 23:33:22 Evan Daniel wrote: > On Wed, Feb 17, 2010 at 5:26 PM, xor <[email protected]> wrote: > > On Wednesday 17 February 2010 19:45:27 Evan Daniel wrote: > >> On Wed, Feb 17, 2010 at 12:21 PM, Matthew Toseland > >> > >> <[email protected]> wrote: > >> > + private static final boolean operatingSystemIsWindows() { // > >> > TODO: Move to the proper class + try { > >> > + return > >> > System.getProperty("os.name").toLowerCase().indexOf("win") >= 0; + > >> > } catch(Throwable t) { > >> > + return true; // :) > >> > + } > >> > + } > >> > > >> > IMHO this is dodgy, other OSs might have "win" in them. Normally we > >> > just check if File.separator is "\". > >> > > >> > I am not convinced that the rest of the change is a good idea. For > >> > example allowing HTML markup in filenames might combine with sloppy > >> > code to cause problems. Allowing % in url's might again cause issues. > >> > Allowing > >> > pipes, <>, and spaces might cause problems with filenames copied to a > >> > shell. I guess it should depend on the configuration i.e. how paranoid > >> > the user is. > >> > >> Similarly, as I've mentioned on IRC, I think we should take a set of > >> characters that will work on all common OSes (modern Windows, Linux, > >> OSX, BSDs) and filter to that regardless of host OS, and that we > >> should filter both on upload and download. This would make it vastly > >> simpler to have one person upload a file, and then have a second > >> download it and re-upload it and produce the same key. Inserts of the > >> same file that produce different keys is going to be a continuing > >> problem in making file sharing work well. Obviously as long as we > >> include the filename in the metadata it's not completely solvable, but > >> we can at least try to avoid making the problem any worse. > > > > I agree that we need re-inserts to work. It was one of my goals with the > > new sanitizer: The old one removed very common characters such as > > brackets. And as it is only being used when downloading files and not > > when inserting them, people who have downloaded an affected file could > > not reinsert it without renaming (which nobody will do). > > > > However, we cannot have a strict list of forbidden characters which is > > applied for all operating systems because some OS forbid very common and > > useful characters: Windows for example does not allow the question mark > > "?" in filenames. This sucks. What would be acceptable is to have a > > config option "Remove problematic characters from filenames when > > downloading and uploading files" and have it enabled by default. This > > should as the name says also change the current behavior to also sanitize > > filenames before uploading. > > > > I don't really know how to properly implement configuration options in > > fred but I could write the sanitizing code ... maybe someone can > > implement the config option for me? > > That config option sounds like an entirely reasonable approach to me.
I will write the backend sanitize() function for it and toad will wire it in.
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://osprey.vm.bytemark.co.uk/cgi-bin/mailman/listinfo/devl
