Closed GoogleCodeExporter closed 9 years ago
This is another weird one. In my tests, I can't make this occur, no matter how
much I include &s and "s in the filename. I'm testing on ext3 under Arch Linux,
but that shouldn't make a difference.
Can you run a test on this filename in isolation? I.e., open a Python prompt
and type something like:
>>> open('/var/storage/mount/music/Duke Ellington & His Orchestra/Hot Summer
Dance/01 Take the "A" Train.flac', 'wb')
See if that throws the same exception. If so, we'll know your system doesn't
like that filename.
Original comment by adrian.sampson
on 18 Nov 2011 at 4:41
That's the thing. The file is not copied. When I get that error, only the
destination directory is created.
Original comment by pe...@e-pedro.com
on 19 Nov 2011 at 11:43
Right, that open() call will try *creating* the file (simulating the copy
operation).
Original comment by adrian.sampson
on 19 Nov 2011 at 11:53
Oh. My bad. It throws the same exception.
Original comment by pe...@e-pedro.com
on 20 Nov 2011 at 12:16
If I remove the quotes around the A it works.
Original comment by pe...@e-pedro.com
on 20 Nov 2011 at 12:16
Thanks! Oddly, I still can't make any of my Linux boxes complain when creating
files with " in them, but for now I think the safest thing to do is add that
character to the substitution blacklist.
Original comment by adrian.sampson
on 20 Nov 2011 at 2:11
Hi! Was just browsing around the project and saw this, thought I'd add in
something (hopefully) helpful:
While it might not be the best idea to have files with strange characters in
them, it's perfectly legal for all of the characters above, and I don't think
that's the problem. I.e. open from the above stack trace will not fail because
of those characters.
More likely there's a shell command earlier on where it's passed as an argument
without being properly escaped (i.e. mkdir -p /path/to/strange & unusual
characters/). I wouldn't be surprised to find a directory
'/var/storage/mount/music/Duke Ellington ' and an error about "Hot Summer
Dance/...": command not found, or errors about strange named commands that are
not found, etc.
While as a design decision you might decide that you don't want to (or can't,
like '/') create files with certain characters in their name, you still need to
make sure you're properly handling/quoting/escaping them, because they might be
coming from an external and untrusted source.
For example, if you ripped the l33t h4x0rz song "I like to `rm -rf /`", even if
you don't keep "`" in the output filename it sounds to me like it's being given
to a shell command somewhere in the meantime, perhaps for re-tagging or
similar, which would not be super fun :)
Original comment by sean...@gmail.com
on 21 Nov 2011 at 1:24
and btw, proper escaping, assuming the command is a single string being passed
to os.system() or similar, would be to take each argument, replace every
instance of a single quote with an escaped single quote surrounded by two more
single quotes ('\''), and then single quote the entire resulting value. i.e.,
Daft Punk's "Rollin' & Scratchin'" would become 'Rollin'\'' & Scratchin'\'''.
hope that helps!
Original comment by sean...@gmail.com
on 21 Nov 2011 at 1:34
Thanks for the comments, seanius, but in this case these paths are never being
passed to a shell. The Python open() invocation we experimented with above
never goes through any shell; it invokes the UNIX system call directly.
Original comment by adrian.sampson
on 22 Nov 2011 at 7:23
Character added to blacklist in 9d6057fef332.
Original comment by adrian.sampson
on 26 Nov 2011 at 10:38
Original issue reported on code.google.com by
pe...@e-pedro.com
on 14 Nov 2011 at 10:01