Some of the example code in Examples makes it easy to write code that does not properly sanitize file names. Drupal core exacerbates this problem by not providing any functions to sanitize them. And it is a non-trivial problem to solve.
There is a patch to fix this in core:
#2472895: Provide file name sanitization functions
Attached is a patch to improve Examples module to encourage secure code. It depends on that patch. In the meantime, another simpler patch may be desirable.
| Comment | File | Size | Author |
|---|---|---|---|
| | file_check_destination-examples.patch | 7.89 KB | Bevan |
Comments
Comment #1
Mile23
Good stuff, but I'd much rather see that implemented in core and then just used here as an API.
Also, let's concentrate on 8.x-1.x for examples project feature requests.
I'm going to move this to 8.x-1.x and if it lands in core we can implement it that way and do a 7.x patch as needed.