server_add: problem with more than one dot in the filename

selectany

Joined: 2012-06-21
Posts: 9
Posted: Thu, 2012-06-21 11:31

Hi

server_add cannot add images containing more than one dot in the filename.
Example of problematic filename: IMG_2291.1.JPG.

Try to rename some image file and put additional dot in the filename. Then try to add this image file to your Gallery using server_add.

May be some one must report bug. I would do that but don't know how.

 
suprsidr
suprsidr's picture

Joined: 2005-04-17
Posts: 8339
Posted: Thu, 2012-06-21 12:39
 
selectany

Joined: 2012-06-21
Posts: 9
Posted: Thu, 2012-06-21 13:19

I saw that, but this is very old discussion - 2010-04-09 - and the issue is still reproducible.

I cannot understand why this issue is still unresolved?
Or may be it was resolved, but the same undesirable behaviour is caused by something else.

 
shadlaws

Joined: 2012-03-14
Posts: 183
Posted: Thu, 2012-06-21 14:59

Since that discussion, the code has changed, and the original example used should work fine. However, I think I see why similar problems could still occur: the number of regex replacements isn't limited.

That said, I'm unclear why the example "IMG_2291.1.JPG" is a problem. Let me explain...

Currently, the function in modules/gallery/helpers/item.php is:

  static function convert_filename_to_title($filename) {
    $title = strtr($filename, "_", " ");
    $title = preg_replace("/\..{3,4}$/", "", $title);
    $title = preg_replace("/ +/", " ", $title);
    return $title;
  }

If I'm reading it correctly, then it should do the following:

"DSC_1234.JPG" -> "DSC 1234" (good)
"DSC_1234.1.JPG" -> "DSC 1234.1" (good)
"DSC_1234.123.JPG" -> "DSC 1234" (undesired)
"DSC_1234.1234.JPG" -> "DSC 1234" (undesired)
"DSC_1234.1.MV" -> "DSC 1234" (weird case, but still not desired)

My suggested correction is to change the third line to limit the number of replaces to 1. We can additionally prevent the last weird case by using "\w" instead of ".". Resulting function is:

  static function convert_filename_to_title($filename) {
    $title = strtr($filename, "_", " ");
    $title = preg_replace("/\.\w{3,4}$/", "", $title, 1);
    $title = preg_replace("/ +/", " ", $title);
    return $title;
  }

Thoughts? If it makes sense I can file a ticket...

EDIT: it might be better practice to use single quotes too, yes?

Take care,
Shad

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Thu, 2012-06-21 15:52

There is some issues on some versions of Apache form what I can see from the recent tickets and commits:
https://sourceforge.net/apps/trac/gallery/ticket/1872
https://github.com/gallery/gallery3/commit/9e2ea2ffedb22f83137db4e5ba4c06b91f11e09d

Is this related? I don't know.
Perhaps it is a bit drastic?

Just reaching for straws here but what about some malicious file names like:
DCS_1234.php.JPG where the file is not really a image but some php code that could be executed?

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
selectany

Joined: 2012-06-21
Posts: 9
Posted: Thu, 2012-06-21 17:38

@shadlaws Just try to add some file names like: IMG_2291.1.JPG. I don't understand regex syntax.
@floridave: I thought it is possible to identify JPG files by reading reading some header data or signature, like BMP files.

 
shadlaws

Joined: 2012-03-14
Posts: 183
Posted: Fri, 2012-06-22 10:47

@floridave - Aye, that makes sense. I was seeing it from the angle presented in the previous post, namely that the *title* of the file itself got screwy. However, it's kind of a moot point if the file itself never gets approved to be added :-).

I poked around a bit more for explanations on the multiple-extension Apache thing, and it seems like there are a few solutions:
- just let all multiple-extension files go by (not secure or robust - even if not malicious, you can inadvertently cause things to break, e.g. by adding language association with .en.jpg)
- check all "extra" extensions against a list, and let them pass if ok (doesn't sound terribly robust)
- replace extra periods with another character during upload (could work, but can make maintaining backup copies of your multi-GB photo gallery a mess with mismatched filenames)
- reject the file, force user to rename without periods (current solution)

Honestly, after thinking about it, the current solution makes sense to me. It's not great practice to have extra extensions anyway unless they mean something (e.g. .php.html) <shrug>

Take care,
Shad

 
selectany

Joined: 2012-06-21
Posts: 9
Posted: Fri, 2012-06-22 11:50

I think that "reject the file, force user to rename without periods" is the best solution comparing to others from your suggestions.
OK, it is current solution, but user must be notified that some files are rejected.

So, if I want to add new images to my gallery, then I have to:
- select and collect all pictures from a SD card and put them in a temporary directory on some of my local machines.
- add the whole directory to the gallery in my homeserver machine
- delete temporary directory

I must know if all images are added successfully to my gallery before deleting temporary directory.

It is best to list all rejected files and show them to the user.

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Fri, 2012-06-22 13:59
Quote:
It is best to list all rejected files and show them to the user.

I think that is a reasonable request. Can you file a feature request in the bug tracker so it does not get lost?

Thanks
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
shadlaws

Joined: 2012-03-14
Posts: 183
Posted: Fri, 2012-06-22 14:13

Doesn't server_add typically put skipped files in the log? I seem to remember lines showing up in the maintenance tab a time or two... but maybe that doesn't pertain to this case?

Shad

 
selectany

Joined: 2012-06-21
Posts: 9
Posted: Sat, 2012-06-23 18:08
floridave wrote:
Quote:
It is best to list all rejected files and show them to the user.

I think that is a reasonable request. Can you file a feature request in the bug tracker so it does not get lost?

Thanks
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

Where exactly to file a feature request? I've never done this.

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Sun, 2012-06-24 05:36

https://sourceforge.net/apps/trac/gallery/newticket
Registration is free.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team