Uploading a file with a dot in filename returns an error #1816

New Issue

OVERLORD · 2026-02-05T01:57:40+03:00

OVERLORD commented

2026-02-05 01:57:40 +03:00

Originally created by @mhulet on GitHub (Aug 9, 2020).

Describe the bug
Uploading an image with filename Screenshot 2020-08-04 at 21.42.34.png returns an error.
Uploading an image with filename Screenshot 2020-08-04 at 214234.png succeeds.

Steps To Reproduce
Steps to reproduce the behavior:

Edit a page
Click on the image icon in the WYSIWYG editor
Try to upload an image with the filename above
See error

Expected behavior
Uploading an image with dot(s) in filename succeeds.

Screenshots

Screenshot is in French: "file must have only one filename extension"

Your Configuration (please complete the following information):

Exact BookStack Version (Found in settings): 0.29.3
PHP Version: 7.3.17
Hosting Method (Nginx/Apache/Docker): Docker

Originally created by @mhulet on GitHub (Aug 9, 2020). **Describe the bug** Uploading an image with filename `Screenshot 2020-08-04 at 21.42.34.png` returns an error. Uploading an image with filename `Screenshot 2020-08-04 at 214234.png` succeeds. **Steps To Reproduce** Steps to reproduce the behavior: 1. Edit a page 2. Click on the image icon in the WYSIWYG editor 3. Try to upload an image with the filename above 4. See error **Expected behavior** Uploading an image with dot(s) in filename succeeds. **Screenshots** <img width="194" alt="Screenshot 2020-08-08 at 23 21 05" src="https://user-images.githubusercontent.com/293355/89719953-db5c3e00-d9cd-11ea-8295-352c6a3b0aed.png"> Screenshot is in French: _"file must have only one filename extension"_ **Your Configuration (please complete the following information):** - Exact BookStack Version (Found in settings): 0.29.3 - PHP Version: 7.3.17 - Hosting Method (Nginx/Apache/Docker): Docker

OVERLORD added the 🏭 Back-End label 2026-02-05 01:57:40 +03:00

OVERLORD closed this issue

2026-02-05 01:57:43 +03:00

OVERLORD commented

2026-02-05 01:57:47 +03:00

@ssddanbrown commented on GitHub (Sep 5, 2020):

Hi @mhulet,
Thanks for submitting the clear request.
This is done on purpose since we try to keep the original file name in the image path for context, and having multiple dots in a filename can open a system to a certain range of vulnerabilities on various webserver setups.

Maybe we should change this to instead remove all but the last dot automatically?

@ssddanbrown commented on GitHub (Sep 5, 2020): Hi @mhulet, Thanks for submitting the clear request. This is done on purpose since we try to keep the original file name in the image path for context, and having multiple dots in a filename can open a system to a certain range of vulnerabilities on various webserver setups. Maybe we should change this to instead remove all but the last dot automatically?

OVERLORD commented

2026-02-05 01:57:52 +03:00

@ssddanbrown commented on GitHub (Mar 15, 2021):

This has been incorporated as part of #2611 thanks to @Hecke29 and will be part of the next feature release.

@ssddanbrown commented on GitHub (Mar 15, 2021): This has been incorporated as part of #2611 thanks to @Hecke29 and will be part of the next feature release.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#1816