File download failed if the file name contains an &

[engaltori]

Description:

Hello, when I upload a file to a channel or direct message that contains the & character in the file name, the file cannot be downloaded.

Steps to reproduce:

1. Go to a Channel or Direct Message
2. Upload a File where is a & inside the Filename like Test&Test.txt
3. Try to Download the File

Expected behavior:

The File will be Downloaded

Actual behavior:

A new tab opens and shows me an HTTP 500 error. The file is not downloaded.

Server Setup Information:

• Version of Rocket.Chat Server: 6.11.0
• License Type: Community
• Number of Users: 90
• Operating System:
• Deployment Method: Docker Container inside Kubernetes
• Number of Running Instances: 1
• DB Replicaset Oplog:
• NodeJS Version: v14.21.3
• MongoDB Version: 6.0.15

Client Setup Information

• Desktop App or Browser Version: Browser
• Operating System: Windows

Additional context

We store the files in an S3 bucket from Minio. The Proxy Option for File Uploads is enabled.

Relevant logs:

Rocket Chat Log nothing. No logs are displayed in the browser either.

[reetp]

Did this work on a previous version?

i.e. is this regression?

[engaltori]

At least it also occurred in version 6.9.3. That's why I updated to 6.11 to test if it's also in the current version.

[reetp]

Ok.

So it may have been in multiple versions.

These details are important when debugging.

Presumably the escaping is incorrect. Did you take a look at the produced code?

I also read that apparently escaping & is not required in html 5 but may break stuff elsewhere.

See what the devs day but it may take a while.

[anoniz]

well, it has worked on my machine with this specs Rocket.Chat Version: 6.12.0-develop
NodeJS Version: 14.21.4 - x64
MongoDB Version: 7.0.5
MongoDB Engine: wiredTiger
Platform: linux

I also i am new to the project. tell me if i have reproduced it wrong? steps i did

1. ran yarn dsv
2. went to localhost:3000
3. clicked to the option "create channel "
4. created channel and uploaded file and downloaded it
5. it was downloaded successfully

[reetp]

I also i am new to the project. tell me if i have reproduced it wrong?

You are trying on localhost with gridfs and that may not be quite the same.

Did you use a S3 bucket + proxy?

This is something to learn. A bug needs to be reproducible. Exactly. Hence we ask that lots of info is provided so others can test the exact same issue.

In this instance the easy test is use https://open.rocket.chat as your first test as it is always dogfooding on latest code.

If that works then the OP should run a test vm on latest to check as it will likely be hard to reproduce their file storage setup.

Eliminate what it can't be first of all.

[github-actions[bot]]

This issue has been marked as stale because there has been no further activity in the last 10 days. If the issue remains stale for the next 4 days (a total of 14 days with no activity), then it will be assumed that the question has been resolved and the issue will be automatically closed.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale.