Re: [Erw-devel] fset (again) - usability recommendations/ feature requests

[erw-devel]

On Tue, Apr 12, 2005 at 11:20:29AM +0200, address@hidden wrote:
> On Mon, 2005-04-11 at 00:25 -0400, address@hidden wrote:
> > I'm further playing with ERW and fset seems to be the only 'flawed' 
> > component as far
> > as building a production system.
> > 
> 
> I realise that some people need that, but what if a user uploads a file
> named "fuck.html" and then a secretary downloads it and saves it without
> looking carefully?

What if the file "contains" that word and many others? There is nothing to 
prevent
that currently. It feels like a weak concern.

> 
> The point of not having original file names was exactly to avoid
> situations of this kind.
> 
> The second problem is that we should filter filenames in a way that
> guarantees that they will be usable in any operating system. If I put a
> \ in a filename is not a problem in UN*X, but it is a problem in
> Windoze. Since the access is through a web interface, we should be sure
> to never serve a filename that is not saveable.

Related to the problem is files in textmode with different EOL and EOF 
encodings. 

There is a lot involved if you try to design for all possible strange
cases. I would think just mapping characters outside a certain set of legal 
characters
- map them to '_' would probably eliminate the entire filename issue. Let 
people use it
that way and then gather feedback if there are issues. A later version can 
contain
the NASA engineered code to do unicode filenames that automatically convert to 
OS native
formats and limitations :)



> 
> > The two things that are getting in the way:
> > - Original filename is not stored. I looked through the two files you 
> > recommended and came up 
> >   with a hackish way to store a filename - it seems it would be better if 
> > the system incorporated
> >   that concept into the model from the beginning - i.e. somefset_thefile 
> > would have one extra field
> >   named 'sourcename' or 'name' or whatever (generated in the SQL), that 
> > gets populated when a file gets uploaded.
> > - Can't find anyway to display the filename in the 
> > ["somefset_thefile"]["display"]["field"] area. Only showing mimetypes
> >   and filesizes isn't enough!
> 
> The idea is that users should have an explicit "Title" or "Name" field
> associated to each file that is used to name the file. The filename in
> general is not very descriptive.
> 
> Displaying the filename needs a bit more hacking because ERW must know
> that there is another virtual field.
> 
> I'll look into this in the next days. Stay tuned.
> -- 
> Ciao,
> 
>                                         seba


TIA ...

Alfred



> 
> 
> _______________________________________________
> Erw-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/erw-devel