Encoding of Uploaded File Name

Support General Encoding of Uploaded File Name

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #28546
    sherwin_flightsherwin_flight
    Participant

    Hello,

    I'm using a File field with a custom upload folder and unique file name callback function. They work as expected.

    However, the filenames are encoded so that spaces show as %20 and other characters are encoded in a similar way.

    Is there any way when displaying these filenames to remove this encoding so the file name display properly? Right now they "Show%20Up%20Like%20This".

    #28576
    sherwin_flightsherwin_flight
    Participant

    In inc/fields/file.php around Line 195 there's a sprintf function that returns this info for display. I fixed my display issues by changing this:

    $data['title'],
    $data['name'],

    to this:

    urldecode($data['title']),
    urldecode($data['name']),

    Ideally it would be better if there were an option for this built in to the plugin.

    #28578
    sherwin_flightsherwin_flight
    Participant

    After further investigation this is also causing a bug that prevents the plugin from working correctly as well.

    For File fields there's an option to upload files to a custom folder and also use a callback for a unique filename.

    The files upload fine and you can see them attached in the Meta Box. However, you can't delete a file after it's attached because of how it's encoded.

    In the plugin's sanitizer.php file there's the following function to sanitize File uploads:

     private function sanitize_file( $value, $field ) {
            return $field['upload_dir'] ? array_map( 'esc_url_raw', $value ) : $this->sanitize_object( $value );
        }

    It uses the esc_url_raw function to encode the file URL before storing it in the database. So a file with the name "Test File Here.pdf" becomes "Test%20File%20Here.pdf" and it is stored in the database that way. However, file names on the server do not get encoded that way, and on the server the file is still called "Test File Here.php".

    As a result, the "ajax_delete_file" function in inc/fields/file.php does not delete these files and instead an error message pops up, leaving no way to actually delete these files which is a bug.

    The URLs are being encoded properly for storage in the database, but that same encoding doesn't work for displaying the files or deleting them.

    I corrected these two issues with two simple fixes, and confirmed that everything works as expected for me now.

    1. Display Issue - That issues was fixed by making the small change I mentioned in my previous comment above.
    2. File Delete Bug -In inc/fields/file.php around line 70 there is this line:
      $path = str_replace( home_url( '/' ), trailingslashit( ABSPATH ), $attachment );

    Just wrapping that whole thing in a urldecode fixes the issue. So:
    $path = urldecode(str_replace( home_url( '/' ), trailingslashit( ABSPATH ), $attachment ));

    With the two small changes mentioned here the files are uploaded properly, are properly encoded in the database, display properly in the Meta Boxes, and can be properly deleted.

    #28582
    Long NguyenLong Nguyen
    Moderator

    Hi Sherwin,

    Thanks for your effort and sharing your knowledge.

    You can follow this documentation to bypass the default sanitization https://docs.metabox.io/sanitization/#bypass-the-sanitization

Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.