Review: Needs Fixing code The librarian in general needs to support all valid filenames, which basically means every character except / and NUL. We should urlquote the ? in the name in the generated link, not filter it at upload time, unless we also want to ban various other characters like #.
This is similar to misguided sites that forbid form values containing ' and " to try to prevent SQL injection attacks. -- https://code.launchpad.net/~jcsackett/launchpad/bug-attachments-with-questionmark/+merge/128121 Your team Launchpad code reviewers is subscribed to branch lp:launchpad. _______________________________________________ Mailing list: https://launchpad.net/~launchpad-reviewers Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-reviewers More help : https://help.launchpad.net/ListHelp
