From 9d3e5e4cddae06c4290f31ffe07a1e3164a3f902 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Tue, 7 Aug 2012 23:33:14 +0100
Subject: [PATCH] Issue #1037632 by Sheldon Rampton, Tor Arne Thune: Fixed
 Attaching a forbidden file to a node gives an error message with bogus file
 path.

---
 core/modules/file/file.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/modules/file/file.js b/core/modules/file/file.js
index 28237ea1feac..5f21ca5510f6 100644
--- a/core/modules/file/file.js
+++ b/core/modules/file/file.js
@@ -88,7 +88,14 @@ Drupal.file = Drupal.file || {
       var acceptableMatch = new RegExp('\\.(' + extensionPattern + ')$', 'gi');
       if (!acceptableMatch.test(this.value)) {
         var error = Drupal.t("The selected file %filename cannot be uploaded. Only files with the following extensions are allowed: %extensions.", {
-          '%filename': this.value,
+          // According to the specifications of HTML5, a file upload control
+          // should not reveal the real local path to the file that a user
+          // has selected. Some web browsers implement this restriction by
+          // replacing the local path with "C:\fakepath\", which can cause
+          // confusion by leaving the user thinking perhaps Drupal could not
+          // find the file because it messed up the file path. To avoid this
+          // confusion, therefore, we strip out the bogus fakepath string.
+          '%filename': this.value.replace('C:\\fakepath\\', ''),
           '%extensions': extensionPattern.replace(/\|/g, ', ')
         });
         $(this).closest('div.form-managed-file').prepend('<div class="messages error file-upload-js-error">' + error + '</div>');
-- 
GitLab