[#23066] - Improves the getFilenameFromUrl method
- Fixed in Code Base
- 14 Nov 2018
- Medium
- Build: staging
- # 23066
- Diff
- regularlabs:patch-4
User tests: Successful: Unsuccessful:
When using the 'Install from URL' (or any extension using that functionality), downloads the package file, it will try to find a suitable file name to use to store in the tmp folder.
In most cases the filename is taken from the header information from the file.
However, if that information is not available, it will try to create a filename based on the url.
It does this using the getFilenameFromUrl() method.
So if the file is:
https://www.some-domain.com/downloads/foobar.zip
Then the filename will be foobar.zip.
That's all great.
However, what if the url is:
https://www.some-domain.com/downloads/file.php?file=foobar
Then the filename will be file.php?file=foobar.
Or even worse:
https://www.some-domain.com/downloads/?file=foobar
Will result in the filename ?file=foobar.
If this happens, then the next step in the process, the unpacking of the package, will fail miserably. As the special characters in the filename will cause kittens to die.
But there is another issue with the getFilenameFromUrl() method.
It is only used by the parent InstallerHelper class code (even though it is a public method).
And this is the code where it is used:
$target = $tmpPath . '/' . self::getFilenameFromUrl($url);But the getFilenameFromUrl() method will return a false if it can't find a filename for whatever reason.
So that would result in the filename 'false'... Not good.
Summary of Changes
So the PR makes the whole getFilenameFromUrl() method smarter.
- It will trim and replace any special characters with underscores.
Sohttps://www.some-domain.com/downloads/?file=foobarwill result infile_foobar. - It will fall back to and return a unique id (like ``) if there is no file name found for whatever reason.
Testing Instructions
This is hard to test in real life, as this code only gets triggered when stuff is not as it should be (no correct header information and such).
So probably best to test this through test suits passing dummy (fake) data to it.
If you can do that, I don't have to explain :)
Documentation Changes Required
https://api.joomla.org/cms-3/classes/Joomla.CMS.Installer.InstallerHelper.html
The return value of the getFilenameFromUrl() mothod has changed, as it now will always return a string. No more false value.
So:
getFilenameFromUrl(string $url) : mixed
Becomes:
getFilenameFromUrl(string $url) : string
And:
Response
mixed String filename or boolean false if failed
Becomes:
Response
string Clean version of the filename or a unique id
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
| Labels |
Added:
?
|
||
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23066.
In the absence of real unit tests...
var_dump(getFilenameFromUrl('THIS IS NOT A URL'));
// result = 5bebb0a10012bvar_dump(getFilenameFromUrl('https://example.com/this____or_that______.zip?dlid=asd'));
//result = this_or_that_.zip_dlid_asd
var_dump(getFilenameFromUrl('https://example.com/this____or_that______.zip?dlid=asd____a_a_a__b__b__B'));
// result =this_or_that_.zip_dlid_asd_a_a_a_b_b_Bvar_dump(getFilenameFromUrl('https://www.some-domain.com/downloads/file.php?file=foobar'));
//result = file.php_file_foobarvar_dump(getFilenameFromUrl('https://www.some-domain.com/downloads/file.zip?slid=123'));
//result = file.zip_slid_123 var_dump(getFilenameFromUrl('https://www.some-domain.com/downloads/?file=foobar'));
//result = file_foobarAre you happy with all those ? If so then I'll mark this as a successful test.
Yep. Happy with those.
I have tested this item
As per my comment above
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/23066.
Just seen this one in a myJoomla.com audit:
This is the kind of thing that this PR fixes :)
New filename would be
engagebox_view_Item_task_download_format_raw_id_181_dummy_my.zip_amp_dlid_2aae6240522a6fd4303597e09907013b
happy with that?
dlid changes to protect the innocent ;)
Yes. Seems fine.
I personally don't care about the filename that much, as long as it works.
And special chars can break stuff.
So that new filename seems ok to me.
I could add some code to trim the name down to a max length. But that hasn't been an issue as far as I know.
@regularlabs could you rebase your branch with staging to get travis green, thanks
Merging thanks!
| Status | Pending | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-11-14 11:50:45 |
| Closed_By | ⇒ | zero-24 |
merged.
Thanks!
Another example seen in myJoomla.com today
File found in /tmp was
/tmp/index.php?option=com_dms&task=doc_download&id=78&updater=true
var_dump(getFilenameFromUrl('https://example.com/index.php?option=com_dms&task=doc_download&id=78&updater=true'));
// result = index.php_option_com_dms_task_doc_download_id_78_updater_true
Thanks