launchpad-reviewers team mailing list archive

Thread
Date

Re: [Merge] lp:~jcsackett/launchpad/bug-attachments-with-questionmark into lp:launchpad

To: mp+128121@xxxxxxxxxxxxxxxxxx
From: William Grant <me@xxxxxxxxxxxxxxxxxx>
Date: Thu, 04 Oct 2012 23:07:41 -0000
In-reply-to: <20121004214721.11020.29708.launchpad@ackee.canonical.com>
Reply-to: mp+128121@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Review: Needs Fixing code

The librarian in general needs to support all valid filenames, which basically means every character except / and NUL. We should urlquote the ? in the name in the generated link, not filter it at upload time, unless we also want to ban various other characters like #.

This is similar to misguided sites that forbid form values containing ' and " to try to prevent SQL injection attacks.
-- 
https://code.launchpad.net/~jcsackett/launchpad/bug-attachments-with-questionmark/+merge/128121
Your team Launchpad code reviewers is subscribed to branch lp:launchpad.

References

[Merge] lp:~jcsackett/launchpad/bug-attachments-with-questionmark into lp:launchpad
From: j.c.sackett, 2012-10-04