Opened 16 years ago
Closed 15 years ago
#5656 closed patch (fixed)
Escape regex-special characters in filenames for video handler
Reported by: | Owned by: | xris | |
---|---|---|---|
Priority: | minor | Milestone: | unknown |
Component: | mythweb | Version: | unknown |
Severity: | medium | Keywords: | |
Cc: | Ticket locked: | no |
Description
The attached patch creates a new function escape_regex(), which is meant to "escape" regex-special characters, and invokes that method within the video handler to handle filenames that use those characters. Without the patch, in the event that a filename contains square brackets, the RLIKE will fail to return results, and in the event that it contains an "invalid range" (such as '[whatever-2008]'), will result in a blank page being returned to the browser. Once patched, filenames using square brackets work properly. Currently, the only special characters handled by the function are '[' and ']'. The '*' should probably be handled, too, as well as the anchor characters, '^' and '$'. The patch is meant mainly as a potential approach for fixing the issue, but I didn't take it all the way because I didn't know if there's a better approach (PHP-wise or, just different from replacing characters with '.'). Note that the function escape_regex(), as written, does not perform database-special-character escaping, so escape() should be called on the string after escape_regex(). Or, escape_regex() could be modified to make the call to escape(), if desired.
Attachments (1)
Change History (2)
Changed 16 years ago by
Attachment: | mythweb-5656-escape_regex_special_characters_in_filenames.patch added |
---|
comment:1 Changed 15 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
(In [19023]) Fixes #5656, this adds in the ability to escape strings so mysqls regex doesnt get confused