I didn't program MediaWiki, but on Wikipedia it seems to be working
well. I just realized that we haven't solved that problem with the charset; I
have just changed the charset sent by PHP ... you're right about the "double
encoding" to UTF-8: Apache/PHP think that it is something else and
encode it once more. But how can we tell PHP that it is in UTF-8? I
don't know. :-D Can it be called a bug when there is no way to detect the
charset of an uploaded filename?
André Warnier wrote:
> Jiří Eichler wrote:
>> Man you are incredible.
> I had to leave that part..
> ...
> (I removed the part about the idiot however..)
> ...
> I didn't think that it is problem with php, it ran on Linux well.
>
> It runs under Linux well, probably /only/ because the locale of the
> process under which Apache + PHP is started, is a UTF-8 locale.
> So by default, PHP is considering the filename string as UTF-8, and
> you do not see the problem.
> But if you want to make this really portable, you should also make
> sure it always does it right under whatever OS and whatever locale.
>
> Unfortunately, it is not easy, because the browser does not actually
> tell you in which character set it sends the filename. So you have to
> "believe" that this is /your/ <form>, and that the browser does it
> correctly.
>
> I still think that it is a bad idea to save the file under the
> original name given by the browser, for a number of reasons.
> Let me give you a couple more reasons :
>
> 1) It is easy for a hacker to create his own "HTTP agent" (browser).
> He does not even have to create one, there are many programs available
> that do that.
> This client could send you a file named
> "myfile.txt > /etc/passwd"
> or "file.txt ; rm -r /*"
> Then you, on the server, use that filename in another command, like
> system("cat " . $filename . " > myotherfile");
> Got the idea ?
>
> 2) I once designed an application like that, for normal users, not
> hackers. And they used it for a long time, without problems.
> Then one day, years later, I had to move all these thousands of
> uploaded files to another system. So, I used "tar" to create an
> archive of these files, to move them to the other system.
> Unfortunately, tar was crashing about every 50 files, because it got a
> filename that it could not handle, like
> "My grand-mother At the <Pizza Hut>. Near the place of John & Maria".png
> (that being a simple case)
> So it took me a lot of hours to move these files.
>
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> " from the digest: users-digest-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>
>
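The two points made in the quoted reply (do not store the upload under the browser-supplied name, and do not let that name reach a shell unquoted) are shown here as an added PHP example that is not code from the thread. The function names, the extension allow-list and the sample list are assumptions, and the mbstring extension is required.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.
// In an upload handler, $clientName would be $_FILES['upload']['name'] and the
// file would be stored with move_uploaded_file() under storage_name()'s result.

/** Client name kept as display-only metadata, or null when it is unusable. */
function display_name(string $clientName): ?string
{
    // The browser does not declare the filename charset: accept valid UTF-8 only.
    if (!mb_check_encoding($clientName, 'UTF-8')) {
        return null;
    }
    // Drop any path component and control characters, then cap the length.
    $name = basename(str_replace('\\', '/', $clientName));
    $name = (string) preg_replace('/[\x00-\x1F\x7F]/u', '', $name);
    return $name === '' ? null : mb_substr($name, 0, 200, 'UTF-8');
}

/** Server-chosen name on disk: random, extension taken from an allow-list. */
function storage_name(string $clientName, array $allowed = ['png', 'jpg', 'txt']): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . (in_array($ext, $allowed, true) ? ".$ext" : '.bin');
}

/** The thread's cat command, with each operand passed as one quoted argument. */
function cat_command(string $file, string $dest): string
{
    return 'cat -- ' . escapeshellarg($file) . ' > ' . escapeshellarg($dest);
}

// Constructed sample names: three from the thread, one with ISO-8859-1 bytes.
$samples = [
    'myfile.txt > /etc/passwd',
    'file.txt ; rm -r /*',
    '"My grand-mother At the <Pizza Hut>. Near the place of John & Maria".png',
    "caf\xE9.png",
];
foreach ($samples as $s) {
    printf("stored=%s display=%s\n", storage_name($s), var_export(display_name($s), true));
    echo '  ', cat_command($s, 'myotherfile'), "\n";
}
```

The random storage name also sidesteps the tar problem from point 2, since nothing on disk carries quotes, angle brackets or ampersands.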