06-29-2011 07:07 PM - edited 06-30-2011 08:28 AM
Apparently Lithium has a list of acceptable filenames based on the extension. A file with no extension is (silently) given the extension .wht as in abc.wht. Then posting with this attachment fails with no warning message. Instead the edit window reappears with the attachment box cleared.
>> Updated 7/1/11: I did not see abc.wht, all I saw was the editor refreshing with no error message.
This is a major problem for HP-UX, Linux, and other Unix variants which have nothing in common with PC-like extensions. An attachment should never be trusted by its extension. In the PC world, it is common to rename a .exe file as a .jpg or .doc file extension. Instead, every attachment should be screened as to its content. Files without an extension could be limited to ASCII content. Binary files (any extension) should be identified as to content using magic numbers (a Unix term for standard patterns) and rejected if there is a mismatch or undefined content.
But most important, the editor should report an error when rejecting an attachment plus an online help tag to explain the error and requirements.
06-30-2011 09:14 AM
We looked at this and due to security reasons we are not going to allow files without an extension. In addition, there is considerable documentation of people creating .php files and removing the extensions and running them (since browser treat files differently than the standard O/S kernel). If you want to attach a file that has no extension, then please append it to a .txt extension. Another possibility is to zip the file then you don't have to append the file extension.
I realize that the Unix/Linux world is different then the PC world.
I will contact Lithium regarding issuing an error message when a file attachment is not performed correctly.