upload of file with colon character in name does not fail safe

Think you've found a bug? Post a description here.

Moderator: Serin

Post Reply
zas
New User
Posts: 8
Joined: Mon Aug 18, 2014 10:07 am

upload of file with colon character in name does not fail safe

Post by zas » Wed Nov 25, 2015 11:31 am

I know that : is not a valid character in Windows, but we recently had a user upload a file to the web interface with : in the name and it triggered an event notification of upload complete and didn't generate any error. Meanwhile, the file disappeared into the ether and can not be located on the server. I think Cerberus should either fail the upload immediately or automatically convert : to a different character.

This is the original log (with light edits for privacy). I have also replicated the glitch using a Linux live CD & the web interface because neither Windows nor OSX would let me make : a part of a filename.

[2015-11-18 20:45:30]:CONNECT [ 1789] - Incoming connection request on HTTPS interface 3 at x.x.x.x
[2015-11-18 20:45:30]:CONNECT [ 1789] - HTTPS connection request accepted from x.x.x.x
[2015-11-18 20:45:30]:CONNECT [ 1789] - SSL connection using SSL connection using TLSv1.2 (ECDHE-RSA-AES128-GCM-SHA256), 128 bit encryption encryption
[2015-11-18 20:45:30]: INFO [ 1789] - File upload started
[2015-11-18 21:58:05]:COMMAND [ 1789] - [user.name] POST /file/upload/blueimp HTTP/1.1
[2015-11-18 21:58:25]: SYSTEM [ 1789] - [user.name] Successfully stored file at '\\server\users\user.name\video11:17:15.mp4' (1025469924 B received)
[2015-11-18 21:58:25]: SYSTEM [server] - Match for rule 'User uploaded a file!' : Sending system event to SMTP Server

[2015-11-18 21:58:25]: REPLY [ 1789] - HTTP/1.1 200 Ok

Image

User avatar
Serin
Site Administrator
Posts: 1785
Joined: Sat Jan 01, 2005 6:57 pm
Location: United States
Contact:

Re: upload of file with colon character in name does not fail safe

Post by Serin » Wed Nov 25, 2015 11:49 am

Hello,

Have you tried this with 8.0.0.3? It should fail and return an error (although not the most helpful error). I'll work on making this fail a little more gracefully with the HTTPS web client.

Post Reply