Input sanitation - filenames

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Attempt to upload a file with an apostrophe

What is the expected output? What do you see instead?

The file should successfully upload.  Instead, a failure is displayed

What version of the product are you using? On what operating system?

I think it's Mollify 2.2 (customized) with PHP 5.3.24 on Linux (hosted by 
GoDaddy).

Please provide any additional information below.

I'm guessing/assuming this is just an issue of input sanitation where the 
filename is inserted into the database.  The apostrophe probably breaks the SQL 
statement.

Original issue reported on code.google.com by baumg...@gmail.com on 12 Mar 2014 at 8:10

[GoogleCodeExporter]

If every part is in UTF-8 (web page, server, database), there should be no 
problems. I've tested with all kinds of characters, finnish, japanese, chinese 
etc, no problems.

In windows server there are lots of problems since the OS itself is not in 
UTF-8, but it's known problem with PHP and Windows. Linux should not have any 
problems.

So make sure that
a) index.html has <meta http-equiv="content-type" content="text/html; 
charset=UTF-8">
b) database charset is utf-8

Linux should be utf-8 by default, and so PHP should also work in utf-8.

Also, error log could be help also.

Original comment by samuli.j...@gmail.com on 16 Mar 2014 at 10:57

[GoogleCodeExporter]

Closing as there is no futher info

Original comment by samuli.j...@gmail.com on 29 Dec 2014 at 9:08

• Changed state: Invalid