Closed Woersty closed 3 years ago
Unicode is far more complex than this and has been the source of countless application vulnerabilities over the years. Having attempted to write my own full-blown Unicode library before, I know WAY more than most people. FilenameSafe() originally comes from the php-misc repo. It's designed for simple filenames in a highly restricted whitelist to avoid all kinds of bad actors at all levels of the stack (OS, web server, PHP, and web browser). There is the UTF-8 library that is also in php-misc, but I'm not about to merge those classes together. The Str class is widely used across all CubicleSoft applications during application initialization.
Hi, I have a few files with German umlaut chars which is not really an evil thing.
I would like to ask you to change the FilenameSafe function to another rule:
From:
/[^A-Za-z0-9_.\-]/
To:
/[^A-Za-z0-9\_\ \.\-\x{00C0}-\x{00FF}]/u
BR Christian
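
The following is an added example, not part of the thread and not CubicleSoft code. It runs the two patterns quoted above over constructed filenames to show where they differ. The helper name `apply_whitelist` and the "_" replacement character are assumptions made for illustration.

```php
<?php
// Added example, not CubicleSoft code. The two patterns are copied from the
// request above; the helper name and the "_" replacement are assumptions.
const CURRENT_RULE  = '/[^A-Za-z0-9_.\-]/';
const PROPOSED_RULE = '/[^A-Za-z0-9\_\ \.\-\x{00C0}-\x{00FF}]/u';

// Replace every character outside the whitelist with "_".
// With the /u modifier preg_replace() returns null when the subject is not
// valid UTF-8, so that case is reported instead of being cast to "".
function apply_whitelist(string $pattern, string $name): ?string
{
    $result = preg_replace($pattern, '_', $name);
    return ($result === null || preg_last_error() !== PREG_NO_ERROR) ? null : $result;
}

// Constructed sample filenames.
$samples = [
    'precomposed umlaut (NFC)' => "M\u{00FC}ller.txt",   // one code point, U+00FC
    'decomposed umlaut (NFD)'  => "Mu\u{0308}ller.txt",  // "u" + combining U+0308
    'Latin-1 bytes, not UTF-8' => "M\xFCller.txt",       // single byte 0xFC
    'multiplication sign'      => "2\u{00D7}4.txt",      // U+00D7 lies inside C0-FF
    'embedded space'           => "my file.txt",         // proposed rule allows space
];

foreach ($samples as $label => $name) {
    foreach (['current' => CURRENT_RULE, 'proposed' => PROPOSED_RULE] as $which => $rule) {
        $out = apply_whitelist($rule, $name);
        printf("%-26s %-9s %s\n", $label, $which, $out === null ? '(null: invalid UTF-8)' : $out);
    }
}
```

The current byte-oriented rule gives a defined result for every input, while the `/u` rule returns null for non-UTF-8 bytes and treats the precomposed and decomposed forms of the same umlaut differently, so a caller adopting it has to handle both cases.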