Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Hello!
I just stumbled upon this bug so I am gonna document it for the time being. Later on I will return and will put a patch here.
Steps to reproduce:
- Add a webform with element "managed_file" on it. In the configs of the managed_file element make sure to enable the "Sanitize file name" checkbox.
- Go and submit a webform, upload arbitrary file with the name "this-last-t-is-cut.txt".
- Go and see the webform submission. Observe the file name to be "this-last-t-is-cu.txt" though the expected result is to have it under the name "this-last-t-is-cut.txt".
The problem is the rtrim(pathinfo($destination_filename, PATHINFO_BASENAME), ".$destination_extension") because rtrim trims on character-level, not a substring. So we tell PHP to trim all of the ., t, x characters from the right. So it cuts the extension + the t char in the file name.
Personally I do not think we need a test to cover this, but if others insist, I can write a test the pinpoints the bug.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | 2942174-file-extension-3.patch | 1.04 KB | bucefal91 |
| |||
Comments
Comment #2
jrockowitz CreditAttribution: jrockowitz as a volunteer and at The Big Blue House commentedIt is fine to not to include test coverage for a basic fix that just makes sense. If we keep having problems with sanitizing filenames we can write some tests.
Comment #3
bucefal91 CreditAttribution: bucefal91 at Websolutions Agency commentedhere comes the easy fruit :) I will commit it if test bot likes it.
Comment #4
jrockowitz CreditAttribution: jrockowitz as a volunteer and at The Big Blue House commentedLooks good.
Comment #6
bucefal91 CreditAttribution: bucefal91 at Websolutions Agency commentedFixed :)