Media browser filename containing "&" issues.

[BigBlockStudios]

Summary

Users can upload but rename or delete files containing linux metacharacters (&) in the file name. only tested the ampersand (&).
Trying to rename the file results in an error: The webserver does not have the necessary permissions to update the directory.
Try to delete the file gives error: Please specify a valid directory.: /vhome/accordfinancial.com/httpdocs/assets/AAA&AAA.pdf

file had to be manually removed VIA the shell

Step to reproduce

Upload and try to manipulate a file with "&" in the name.

Environment

Modx Version 2.5.4 running on centOS 6xx
PHP Version 5.4.45

[BigBlockStudios]

just tried updating a different site & uploading/managing files with metacharacters in it - same problem exists in 2.5.6

[mrhaw]

Adding this as a note. MODX util files:
https://github.com/modxcms/revolution/tree/fbf126690f6ce903faeaeb9f1d958211fc2203c9/manager/assets/modext/util

[mindeffects]

It's a different thing but having "#" or "+" inside the filename break the image preview thumbnail. But renaming is possible.

[OptimusCrime]

I am pretty sure a # in the name will break it no matter what, as the anchor tag has a special meaning in HTTP.

[meshkov]

Issue fixed in 3.x.

[alroniks]

MODX 3 now use flysystem library for dealing with files and it seems that the issue is already fixed (as @meshkov mentioned). I am closing it but feel free to reopen if the issue still actual.

[meshkov]

Tested it in MODX 3.0 in TV with type image and it is break the image preview in TV.
TV with this images does not work on pages.

[alroniks]

Hi @meshkov Does it mean that we should reopen the issue?

[meshkov]

Hi @alroniks yes, but it problem with TV, not with media browser. Maybe new issue?

[alroniks]

TV utilize media browser so it is related. Reopened.