File upload with colon in the file name to a Windows install creates crazy.

Description

I noticed some strange 0 byte files with oddly truncated file names in a folder of user uploaded files (mostly PDFs, but shouldn't be relevant) that actually rendered and could be downloaded.

I eventually realized they were files that were uploaded from a device that allows colons in the filename to the Windows server which uses the colon to define alternate data streams in NTFS.

e.g. Upload MyFunny:File.PDF from Linux, would get MyFunny a zero byte file, with an alternate data stream which held the actual file.

I was able to replicate the issue from a Linux VM, but I'm guessing the end users are sending these from Apples or maybe Android.

Adding cffile action="rename" to replace colons helped reduce the problem. I now get the expected filename with the expected file size; however, a truncated file name and 0 byte file are still there. e.g. "MyFunny" and zero bytes.

IMHO, I think the least confusing fix is to automatically replace semi colons in cffile on Windows, but maybe there are users who actually want this behaviour. In that case, rename should gracefully handle files with alternate data streams.

Environment

Windows 2008R2 server. Lucee 4.5

Activity

Pothys - MitrahSoft 
17 April 2020 at 06:46

Lucee doesn't allow the colon( : ) with the file name. Already I said above, I couldn't able to create a file name with a colon in Linux.
will confirm about this issue.

Leonard 
3 September 2019 at 17:23
(edited)

Hi Pothys.

I’m not sure what you want me to check.

Perhaps I was unclear of what is happening. End users are uploading files which have a colon in the name using a basic Lucee form. And I think you have confirmed, the result is an unexpected 0 byte file - there should also be an NTFS “alternate data stream” that has the actual data from the file.

It’s easy to create a file name with a colon in it in Linux. Just rename and type it in manually, it’s a legal character.

To be clear, I’m not trying to create the files on any system like this, it’s just that end users are uploading files with colons and I want to gracefully handle that. I’m perfectly fine with the colons being removed or replaced on NTFS file systems since it’s not a legal character in NTFS.

Thanks.

 

(Edit: I typed semi colon by accident a couple times in there. It is the colon that is a problem.)

 

Pothys - MitrahSoft 
3 September 2019 at 14:12

Hi,
Did you check the above? if not means, please do it and report here back.
It will improve the status of this ticket.

Pothys - MitrahSoft 
31 July 2019 at 15:33

I've checked this ticket. If we create a file with a colon, it is not possible on Windows, Linux, Android, and Mac. We try to create a file with a colon (Ex: test:file.pdf ), we got before colon as a file name ( test ) with 0 bytes.
And also, if we using cffile with action = "rename", this is also not working for this kind of activities. Because it is not allowed to create a file with a colon.

Details

Assignee

Reporter

Priority

Labels

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Created 16 May 2019 at 17:19
Updated 18 June 2023 at 17:03