Opened 12 years ago

Closed 12 years ago

#5656 closed patch (fixed)

Escape regex-special characters in filenames for video handler

Reported by: sphery <mtdean@…> Owned by: xris
Priority: minor Milestone: unknown
Component: mythweb Version: unknown
Severity: medium Keywords:
Cc: Ticket locked: no


The attached patch creates a new function escape_regex(), which is 
meant to "escape" regex-special characters, and invokes that method 
within the video handler to handle filenames that use those 

Without the patch, in the event that a filename contains square 
brackets, the RLIKE will fail to return results, and in the event 
that it contains an "invalid range" (such as '[whatever-2008]'), 
will result in a blank page being returned to the browser.  Once 
patched, filenames using square brackets work properly.

Currently, the only special characters handled by the function are 
'[' and ']'.  The '*' should probably be handled, too, as well as 
the anchor characters, '^' and '$'.  The patch is meant mainly as a 
potential approach for fixing the issue, but I didn't take it all 
the way because I didn't know if there's a better approach 
(PHP-wise or, just different from replacing characters with '.').

Note that the function escape_regex(), as written, does not perform 
database-special-character escaping, so escape() should be called 
on the string after escape_regex().  Or, escape_regex() could be 
modified to make the call to escape(), if desired.

Attachments (1)

mythweb-5656-escape_regex_special_characters_in_filenames.patch (2.6 KB) - added by sphery <mtdean@…> 12 years ago.

Download all attachments as: .zip

Change History (2)

Changed 12 years ago by sphery <mtdean@…>

comment:1 Changed 12 years ago by Rob Smith

Resolution: fixed
Status: newclosed

(In [19023]) Fixes #5656, this adds in the ability to escape strings so mysqls regex doesnt get confused

Note: See TracTickets for help on using tickets.