Album name special characters issue

[kimparsell]

I did a clean install this AM using rev568, and ran into a bug. When trying to create an album with an apostrophe in the name (2005-12: Fallon's Pics), the album is being created (without any warnings issued) in the database, but the folder is not being created on the server. I discovered the problem when I went to edit the album to change the description. Upon clicking Update, the following errors were displayed:

Warning: rename(/home/xxxxxx/public_html/xxxxx/gallery1/plog-content/images/christmas/2005-12_fallon's_pics,
/home/xxxxxx/public_html/xxxxx/gallery1/plog-content/images/christmas/2005-12_fallons_pics) [function.rename]: No such file or directory in /home/xxxxxx/public_html/xxxxx/gallery1/plog-admin/plog-admin-functions.php on line 627

The Plogger error message:

Error renaming directory[[BR]] (/home/xxxxxx/public_html/xxxxx/gallery1/plog-content/images/christmas/2005-12_fallon's_pics to
/home/xxxxxx/public_html/xxxxx/gallery1/plog-content/images/christmas/2005-12_fallons_pics)

I deleted the album from the admin panel, and got the following error message:

Album has invalid path, not deleting directory

[sidtheduck]

Using the attached patch should fix this issue. It was either an issue with my previous code to stop duplicate albums (if album was being renamed the same, it threw an error) or an issue with the single quote (which is fixed using htmlspecialchars).

Also in this patch is a fix for ticket #181, and #180 as well as the fix for a possible SQL injection vulnerability found by a security coder (thanks James from GulfTech?!).

[kimparsell]

This has fixed the issue of the album folder not being created in the images directory. The folder is created, and the apostrophe is being included in the actual folder name (fallon's_pics).

When using cruft-free URLs, the url for that album looks like this: http://plogger.domain.com/gallery/plogger_test_collection/fallon%27s_pics/

Do we want the leave the apostrophe in the actual folder name, or just leave it in the album name in the database to display on the gallery front-end and strip it out of the folder name (fallons_pics)?

[sidtheduck]

I could definitely strip out quotes (single or double) from the actual foldername if we wanted to. In the cruft-free URL above '%27' is just the URL encoded single quote (') similar to '%20' is a space. It all depends on what we want. The only issue that I can think of (and it's a very small instance) would be someone who had an album or collection named "jones" photos and another named jones' photos it would have a conflict in the actual folder name on the disk (where the old way the first instance would be _jones__photos and the second would be jones'_photos).

I'm up for whatever though as this conflict will very rarely happen within a single collection / album situation.

[kimparsell]

Let's go ahead and pull the quotes (single and double) out of the folder name in the image directory then, but leave it in the album name in the database. If you want, we can just double the underscore to take the place of the quote.

[sidtheduck]

Patch updated to now remove single and double quotes from names in the filebase (they are saved untouched in the database). All other specialty characters (beside hyphens, commas, and dots) are replaced by underscores.

[kimparsell]

I've just tested with the latest patch, and all of the listed concerns have been resolved.

[sidtheduck]

Fixed with r569.