Author Topic: correction on a line in /operations/mediaBrowser/editDirectoryAttributes.php  (Read 769 times)

freymann

  • Douchebag
  • Guru
  • *
  • Posts: 380
    • View Profile
While fiddling with my music collection, I was unable to apply attributes on all files in certain directories with a single quote in the filename...

Something like   Greatest Hit's!  would cause an error.

After seeing this a half dozen times I decided to add the addslashes() function to wherever it was needed.

Turns out to be in

/var/www/pluto-admin/operations/mediaBrowser/editDirectoryAttributes.php

I changed line 13 to look like this:

Code: [Select]
$filesArray=getAssocArray('File','PK_File','Filename',$mediadbADO,"WHERE Path LIKE '" . addslashes(@$dirData[0]['Path']) ."/". addslashes(@$dirData[0]['Filename']) . "' AND Missing=0 AND PK_File!='" . $fileID. "' AND IsDirectory=0 ORDER BY Filename ASC");

Changing the opening/closing single quotes in the SQL string to a double quote and modifying the line to get rid of the single quotes and added the addslashes() function around the Filename...

Works for me now.

« Last Edit: November 14, 2008, 04:41:34 am by freymann »

colinjones

  • Alumni
  • LinuxMCE God
  • *
  • Posts: 3003
    • View Profile
freymann
ooo! This is something that was causing problems on my install, too. Was trying to identify all the characters that cause problems in this thread http://forum.linuxmce.org/index.php?topic=6484.0

Do you think that your change will cover all special characters or just the single quote issue (I note that I manually went through and removed all my single quotes from file names)

If so, perhaps there is a similar update that can be applied to UpdateMedia which trips up on these as well.

Incidentally, since editing those characters out, I seem to be having more luck using the jump tabs at the side of the media grids whilst in sort by Filename mode. Previously, these only worked when sorted by an attribute rather than the file name. I think rodecot has discovered that before as well. Not sure, but that kind of sounds like the same type of edit needs to be made to the Orbiter source code, so a third location!

freymann

  • Douchebag
  • Guru
  • *
  • Posts: 380
    • View Profile
freymann
ooo! This is something that was causing problems on my install, too. Was trying to identify all the characters that cause problems in this thread http://forum.linuxmce.org/index.php?topic=6484.0

Do you think that your change will cover all special characters or just the single quote issue (I note that I manually went through and removed all my single quotes from file names)

addslashes() only handles quoting...

Quote
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

From previous experience, I've found you can run into all sorts of troubles with filenames that contain weird characters. On forms I usually rename uploaded files that contain

a space, %20, +, ', #, %, [  and ]

The biggest problem is users can dump anything they want into the LMCE Media directories.

To "fix" them you'd need to run some kind of script to filter out the bad characters and rename files but by then it may be too late anyway.