#32511 – Editing an existing ticket and adding a external file to it

Posted in ‘Akeeba Ticket System’
This is a public ticket. Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Wednesday, 19 February 2020 05:47 CST
steph38
Hi,

I had to edit a just posted ticket because the filename of the attached file had not respected the writing rules (Linux server)

But I could not neither on front-end nor on back-end add the missing file to the post.

Is there an existing solution for this I haven't seen ?

If there is no existing solution for it, Is it possible to add this as an evolution suggestion of ATS ?

Thanks in advance for your help and advises,
WBR,

Custom Fields

Joomla! version (in x.y.z format) 3.9.15
PHP version (in x.y.z format) 7.3.13-1+ubuntu16.04.1+deb.sury.org+1
Akeeba Ticket System version (x.y.z format) 3.1.0

___________________________________________________________

Stéphane KARCHER
Webmaster

SYNERGISUD - France
e-Mail : [email protected] (anti-spam by MailInBlack)

Wednesday, 19 February 2020 08:10 CST
nicholas
I am not sure why you had to edit the ticket. The attachment is not stored with its original filename on your site. We use a long, random filename without an extension for security reasons. The original filename of the attachment is stored in the database only to provide a hint to the browser when you're downloading the file. If the filename contains invalid characters for the operating system you are downloading it to either the browser offers an alternative or you get an error – but the browser in this case does let you change the location and name of the downloaded file.

That is to say, if I upload a file called "Foo$bar:13.png" (a valid filename on Linux and definitely invalid on Windows) most browsers on Windows would propose to download it as something similar to "Foo_bar_13.png" or ask me where and under what name to store the file.

In any case, the name of the file is NOT used on your server EVER. That would be a massive security issue.

Can you please explain your use case a bit better?


Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Wednesday, 19 February 2020 08:49 CST
steph38
Hi Nicolas,

Humm strange... that's not the way it is running on my server...

The first step of my experience : I answer a freshly opened ticket by adding a simple PDF file. The original name of the file was : Groupe Pac air-eau ext..pdf. this filename was refused by my system and the post was added to the ticket but without the file attached...

Second step : I go into the Back_end and edit the original post in order to add the missing file without any success.

Third step : I added another post with the file attached and renamed in shema.pdf that was accepted.

Fourth step : I post this ticket here.

PS If you need an SU access to the site back-end, let me know.

Thanks in advance for your help and advises,
WBR,

___________________________________________________________

Stéphane KARCHER
Webmaster

SYNERGISUD - France
e-Mail : [email protected] (anti-spam by MailInBlack)

Wednesday, 19 February 2020 10:19 CST
nicholas
I can tell you with ABSOLUTE certainty that a random filename is being used. I was refactoring the attachments code ten days ago. The entire architecture of attachment is very solid in my working memory right now. You can verify it by looking in the media/com_ats/attachments folder. See all those funny looking filenames in there? Yup. These are your attachments, not garbage. The mapping between real files and these "mangled" filenames is in your database, in the #__ats_attachments table.

Also, the name of the file you are trying to attach is absolutely valid on Linux. Linux is very permissive with regards to filenames. You can use pretty much anything except a null byte! It's Windows that has a bazillion restrictions about filenames.

You misdiagnosed your problem. Your problem is very different and has actually nothing to do with Akeeba Ticket System itself. That's why I asked you to explain your use case.

All attachments are uploaded using Joomla's core API for file uploads. By default, Joomla applies various security checks against the uploaded files. One of the checks is "does the filename of the uploaded file, as reported by the browser, contain more than one dots?". If it does, it's automatically rejected. When Joomla rejects the upload for security reasons –for ANY of its security checks, not just the multiple dots– ATS does not attach the file.

Your filename is Groupe Pac air-eau ext..pdf See the two dots before pdf? That's what triggered Joomla's upload security and caused your file to be rejected.

When you renamed the file to shema.pdf you fixed the double dot issue and the upload worked.

Your problem, therefore, has nothing to do with ATS. It's just Joomla's file upload security being triggered :)


Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Wednesday, 19 February 2020 10:39 CST
steph38
Hi Nicolas,

Thanks for the quick answer !

I agree with you, it is part of the Joomla! security (the spaces, accents are even not accepted...)

But my question was more about how can I add a file to an existing post (regardless why this file is not added to the original post) ?

Thanks for your help and advises,
WBR,

___________________________________________________________

Stéphane KARCHER
Webmaster

SYNERGISUD - France
e-Mail : [email protected] (anti-spam by MailInBlack)

Thursday, 20 February 2020 01:56 CST
nicholas
You can't add a file to an existing post. You send a new post with the attachment(s) you forgot to upload the first time around. This is not going to change anytime soon for complex technical reasons.


Nicholas K. Dionysopoulos

Lead Developer and Director



🇬🇷Greek: native

🇬🇧English: excellent

🇫🇷French: basic



Please keep in mind my timezone and cultural differences when reading my replies. Thank you!



Monday, 24 February 2020 03:13 CST
steph38
Hi Nicolas,

OK that makes sens.

Thanks for your great help as usually.

Have a nice day !
WBR,

___________________________________________________________

Stéphane KARCHER
Webmaster

SYNERGISUD - France
e-Mail : [email protected] (anti-spam by MailInBlack)

This ticket is closed, therefore read-only. You can no longer reply to it. If you need to provide more information, please open a new ticket and mention this ticket's number.

Support Information

Working hours: Typically we work Monday to Friday, 9am to 7pm Cyprus timezone (EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets, but we cannot respond to them, outside of our working hours.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!