Support Forum
Hello,
I'm using a File field with a custom upload folder and unique file name callback function. They work as expected.
However, the filenames are encoded so that spaces show as %20 and other characters are encoded in a similar way.
Is there any way when displaying these filenames to remove this encoding so the file name display properly? Right now they "Show%20Up%20Like%20This".
In inc/fields/file.php around Line 195 there's a sprintf function that returns this info for display. I fixed my display issues by changing this:
$data['title'],
$data['name'],
to this:
urldecode($data['title']),
urldecode($data['name']),
Ideally it would be better if there were an option for this built in to the plugin.
After further investigation this is also causing a bug that prevents the plugin from working correctly as well.
For File fields there's an option to upload files to a custom folder and also use a callback for a unique filename.
The files upload fine and you can see them attached in the Meta Box. However, you can't delete a file after it's attached because of how it's encoded.
In the plugin's sanitizer.php file there's the following function to sanitize File uploads:
private function sanitize_file( $value, $field ) {
return $field['upload_dir'] ? array_map( 'esc_url_raw', $value ) : $this->sanitize_object( $value );
}
It uses the esc_url_raw function to encode the file URL before storing it in the database. So a file with the name "Test File Here.pdf" becomes "Test%20File%20Here.pdf" and it is stored in the database that way. However, file names on the server do not get encoded that way, and on the server the file is still called "Test File Here.php".
As a result, the "ajax_delete_file" function in inc/fields/file.php does not delete these files and instead an error message pops up, leaving no way to actually delete these files which is a bug.
The URLs are being encoded properly for storage in the database, but that same encoding doesn't work for displaying the files or deleting them.
I corrected these two issues with two simple fixes, and confirmed that everything works as expected for me now.
File Delete Bug -In inc/fields/file.php around line 70 there is this line:
$path = str_replace( home_url( '/' ), trailingslashit( ABSPATH ), $attachment );
Just wrapping that whole thing in a urldecode fixes the issue. So:
$path = urldecode(str_replace( home_url( '/' ), trailingslashit( ABSPATH ), $attachment ));
With the two small changes mentioned here the files are uploaded properly, are properly encoded in the database, display properly in the Meta Boxes, and can be properly deleted.
Hi Sherwin,
Thanks for your effort and sharing your knowledge.
You can follow this documentation to bypass the default sanitization https://docs.metabox.io/sanitization/#bypass-the-sanitization