cubiclesoft / jquery-fancyfileuploader

A jQuery plugin to convert the HTML file input type into a fancy file uploader under a MIT or LGPL license. Mobile-friendly too!

Feature Request: Support German Umlauts in filenames in function FilenameSafe #20

Closed Woersty closed 3 years ago

Woersty commented 3 years ago

Hi, I have a few files with German umlaut chars which is not really an evil thing.

I would like to ask you to change the FilenameSafe function to another rule:

From: /[^A-Za-z0-9_.\-]/
To: /[^A-Za-z0-9\_\ \.\-\x{00C0}-\x{00FF}]/u

BR Christian

cubiclesoft commented 3 years ago

Unicode is far more complex than this and has been the source of countless application vulnerabilities over the years. Having attempted to write my own full-blown Unicode library before, I know WAY more than most people. FilenameSafe() originally comes from the php-misc repo. It's designed for simple filenames in a highly restricted whitelist to avoid all kinds of bad actors at all levels of the stack (OS, web server, PHP, and web browser). There is the UTF-8 library that is also in php-misc, but I'm not about to merge those classes together. The Str class is widely used across all CubicleSoft applications during application initialization.
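An added PHP illustration of the trade-off discussed in this thread (not part of the thread, and not code from jquery-fancyfileuploader or php-misc): it runs the two character classes quoted in the issue over constructed filenames. The helper name `apply_rule()` and the choice to replace rejected characters with "-" are assumptions made for the demo.

```php
<?php
// Added illustration; not the project's FilenameSafe() implementation.
// The two patterns are the character classes quoted in the issue.
const ASCII_RULE = '/[^A-Za-z0-9_.\-]/';
const WIDER_RULE = '/[^A-Za-z0-9\_\ \.\-\x{00C0}-\x{00FF}]/u';

// Hypothetical helper: replace every rejected character with "-".
// With the /u modifier PCRE validates the subject as UTF-8 first and
// preg_replace() returns null on invalid input, so the return type is
// nullable and callers must reject null instead of casting it to "".
function apply_rule(string $pattern, string $name): ?string
{
    return preg_replace($pattern, '-', $name);
}

// Constructed sample filenames, one per edge case.
$samples = [
    // U+00FC, the precomposed form the proposed range expects.
    'precomposed u-umlaut' => "M\u{00FC}ller.txt",
    // "u" followed by U+0308 COMBINING DIAERESIS: canonically the same
    // letter, but U+0308 lies outside U+00C0..U+00FF.
    'decomposed u-umlaut'  => "Mu\u{0308}ller.txt",
    // U+00D7 and U+00F7 are the multiplication and division signs;
    // they sit inside the proposed range although they are not letters.
    'signs inside range'   => "2\u{00D7}3\u{00F7}4.txt",
    // A single 0xFC byte (ISO-8859-1 encoding of the umlaut) is not
    // valid UTF-8.
    'ISO-8859-1 bytes'     => "M\xFCller.txt",
    // Letters from other alphabets remain excluded by the wider rule.
    'outside the range'    => "\u{0141}\u{00F3}d\u{017A}.txt",
];

foreach ($samples as $label => $name) {
    $ascii = apply_rule(ASCII_RULE, $name);
    $wider = apply_rule(WIDER_RULE, $name);

    printf(
        "%-22s ascii=%s wider=%s same_as_input=%s\n",
        $label,
        var_export($ascii, true),
        var_export($wider, true),
        var_export($wider === $name, true)
    );
}
```

The ASCII rule always returns a pure-ASCII string, whatever bytes arrive. Under the wider rule the two canonically equivalent spellings of the same name produce different results, and the ISO-8859-1 input yields null rather than a filename.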