On Jun 19, 2006, at 10:58 AM, Fabio Varesano wrote:
Should the munge_filename function became a file api?
it should, yes, but that's complicated. part of the upload_munge_filename() stuff depends on a whitelist of approved file extensions. those are handled as a setting from the upload.module. so, to make munge* a separate function in file.inc that didn't depend on the upload.module, we'd need to put those settings somewhere else, too. since the existing munge stuff was done in the heat of the moment to get 4.7.2 out, no one felt like doing that much additional work to make things generic, moving all this code into the file API, etc... but, it's a pain in the neck for those of us trying to make contribs more secure using this stuff, since now our modules will depend on the upload module, even if they don't the regular upload form element, etc. we should definitely consider reorganizing this code in 4.8. sadly, i'm going to be unavailable for drupal hacking until mid july, so i can't spearhead this effort (at least not until at least the end of july). -derek (dww)