search

RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/
Other
40.04k stars 10.32k forks source link

File download failed if the file name contains an & #33055

Open engaltori opened 1 month ago

engaltori commented 1 month ago

Description:

Hello, when I upload a file to a channel or direct message that contains the & character in the file name, the file cannot be downloaded.

Steps to reproduce:

  1. Go to a Channel or Direct Message
  2. Upload a File where is a & inside the Filename like Test&Test.txt
  3. Try to Download the File

Expected behavior:

The File will be Downloaded

Actual behavior:

A new tab opens and shows me an HTTP 500 error. The file is not downloaded.

Server Setup Information:

Client Setup Information

Additional context

We store the files in an S3 bucket from Minio. The Proxy Option for File Uploads is enabled.

Relevant logs:

Rocket Chat Log nothing. No logs are displayed in the browser either.

reetp commented 1 month ago

Did this work on a previous version?

i.e. is this regression?

engaltori commented 1 month ago

At least it also occurred in version 6.9.3. That's why I updated to 6.11 to test if it's also in the current version.

reetp commented 1 month ago

Ok.

So it may have been in multiple versions.

These details are important when debugging.

Presumably the escaping is incorrect. Did you take a look at the produced code?

I also read that apparently escaping & is not required in html 5 but may break stuff elsewhere.

See what the devs day but it may take a while.

anoniz commented 3 weeks ago

well, it has worked on my machine with this specs Rocket.Chat Version: 6.12.0-develop
NodeJS Version: 14.21.4 - x64
MongoDB Version: 7.0.5
MongoDB Engine: wiredTiger
Platform: linux

I also i am new to the project. tell me if i have reproduced it wrong? steps i did

  1. ran yarn dsv
  2. went to localhost:3000
  3. clicked to the option "create channel "
  4. created channel and uploaded file and downloaded it
  5. it was downloaded successfully filedownloadissue filedownloadissue
reetp commented 3 weeks ago

I also i am new to the project. tell me if i have reproduced it wrong?

You are trying on localhost with gridfs and that may not be quite the same.

Did you use a S3 bucket + proxy?

This is something to learn. A bug needs to be reproducible. Exactly. Hence we ask that lots of info is provided so others can test the exact same issue.

In this instance the easy test is use https://open.rocket.chat as your first test as it is always dogfooding on latest code.

If that works then the OP should run a test vm on latest to check as it will likely be hard to reproduce their file storage setup.

Eliminate what it can't be first of all.

github-actions[bot] commented 1 week ago

This issue has been marked as stale because there has been no further activity in the last 10 days. If the issue remains stale for the next 4 days (a total of 14 days with no activity), then it will be assumed that the question has been resolved and the issue will be automatically closed.