On Wed, Feb 17, 2010 at 5:26 PM, xor <xor at gmx.li> wrote:
> On Wednesday 17 February 2010 19:45:27 Evan Daniel wrote:
>> On Wed, Feb 17, 2010 at 12:21 PM, Matthew Toseland
>>
>> <toad at amphibian.dyndns.org> wrote:
>> > + ? ? ? private static final boolean operatingSystemIsWindows() { //
>> > TODO: Move to the proper class + ? ? ? ? ? ? ? try {
>> > + ? ? ? ? ? ? ? ? ? ? ? return
>> > System.getProperty("os.name").toLowerCase().indexOf("win") >= 0; +
>> > ? ? ? ? } catch(Throwable t) {
>> > + ? ? ? ? ? ? ? ? ? ? ? return true; ? ?// :)
>> > + ? ? ? ? ? ? ? }
>> > + ? ? ? }
>> >
>> > IMHO this is dodgy, other OSs might have "win" in them. Normally we just
>> > check if File.separator is "\".
>> >
>> > I am not convinced that the rest of the change is a good idea. For
>> > example allowing HTML markup in filenames might combine with sloppy code
>> > to cause problems. Allowing % in url's might again cause issues.
>> > Allowing
>> > pipes, <>, and spaces might cause problems with filenames copied to a
>> > shell. I guess it should depend on the configuration i.e. how paranoid
>> > the user is.
>>
>> Similarly, as I've mentioned on IRC, I think we should take a set of
>> characters that will work on all common OSes (modern Windows, Linux,
>> OSX, BSDs) and filter to that regardless of host OS, and that we
>> should filter both on upload and download. This would make it vastly
>> simpler to have one person upload a file, and then have a second
>> download it and re-upload it and produce the same key. Inserts of the
>> same file that produce different keys is going to be a continuing
>> problem in making file sharing work well. Obviously as long as we
>> include the filename in the metadata it's not completely solvable, but
>> we can at least try to avoid making the problem any worse.
>
> I agree that we need re-inserts to work. It was one of my goals with the new
> sanitizer: The old one removed very common characters such as brackets. And
> as it is only being used when downloading files and not when inserting them,
> people who have downloaded an affected file could not reinsert it without
> renaming (which nobody will do).
>
> However, we cannot have a strict list of forbidden characters which is
> applied for all operating systems because some OS forbid very common and
> useful characters: Windows for example does not allow the question mark "?"
> in filenames. This sucks. What would be acceptable is to have a config
> option "Remove problematic characters from filenames when downloading and
> uploading files" and have it enabled by default. This should as the name
> says also change the current behavior to also sanitize filenames before
> uploading.
>
> I don't really know how to properly implement configuration options in fred
> but I could write the sanitizing code ... maybe someone can implement the
> config option for me?That config option sounds like an entirely reasonable approach to me. Evan Daniel
