schlessera
commented
6 years ago Yes, I agree, just taking on a potentially unlimited string as a filename should be considered a bug.
Are you up to producing a pull request for the above?
Open westi opened 6 years ago
schlessera
commented
6 years ago Yes, I agree, just taking on a potentially unlimited string as a filename should be considered a bug.
Are you up to producing a pull request for the above?
schlessera
commented
6 years ago From @abdullah1908 on Slack:
I am just here to confirm about the length we should use for the site name like $sitename = sanitize_key( substr(get_bloginfo( 'name' ), 15));
We should stick with something that makes sense in terms of striving for maximum compatibility, while still not introducing a very arbitrary limitation.
Googling for POSIX limits brought me to this page: http://www.gnu.org/software/automake/manual/html_node/Limitations-on-File-Names.html:
Portable POSIX file names cannot contain components that exceed a 14-byte limit, but nowadays it’s normally safe to assume the more-generous XOPEN limit of 255 bytes. POSIX limits file names to 255 bytes (XOPEN allows 1023 bytes), but you may want to limit a source tarball to file names of 99 bytes to avoid interoperability problems with old versions of tar.
I'd say let's be conservative and stick to the 99 bytes limitation that tarballs seem to require for complete compatbility.
Because we use
get_bloginfo( 'name' );to generate the filename for the export and this is user supplied data we can end up generating a very long filename which then we can't save to disk.We should consider limiting the info we pull from here using
substror using something different.