Issue with + and # in filenames when syncing via NC desktop app

📱 Desktop & mobile clients
,
23

My config is largely based on this tutorial: Nextcloud Installationsanleitung (Apache Fast Track) - Carsten Rieger

apache config:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName cloud.domain.tld
DocumentRoot /var/www/html/nextcloud

<Directory /var/www/html/nextcloud/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
Satisfy Any
</Directory>

<IfModule mod_dav.c>
Dav off
</IfModule>

<Directory /var/nextcloud-data/>
Require all denied
</Directory>

<Files ".ht*">
Require all denied
</Files>

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [R=405,L]

SetEnv HOME /var/www/html/nextcloud
SetEnv HTTP_HOME /var/www/html/nextcloud

<IfModule mod_reqtimeout.c>
RequestReadTimeout body=0
</IfModule>

<IfModule mod_headers.c>
Header set Permissions-Policy "interest-cohort=()"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

ProxyPass /push/ws ws://127.0.0.1:7867/ws
ProxyPass /push/ http://127.0.0.1:7867/
ProxyPassReverse /push/ http://127.0.0.1:7867/

ProxyPass /whiteboard http://127.0.0.1:3002 upgrade=websocket

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/letsencrypt/live/cloud.domain.tld/fullchain.pem
SSLCACertificateFile /etc/letsencrypt/live/cloud.domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/cloud.domain.tld/privkey.pem

SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
SSLCipherSuite TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:RSA-PSK-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-DSS-AES256-GCM-SHA384:ADH-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:PSK-AES256-CCM:DHE-PSK-AES256-CCM:PSK-AES256-CCM8:DHE-PSK-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-CCM8
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLOpenSSLConfCmd Curves secp384r1:secp256r1
SSLOpenSSLConfCmd ECDHParameters secp384r1
</VirtualHost>
</IfModule>

config.php:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.domain.tld"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.9.1",
        "overwrite.cli.url": "https:\/\/cloud.domain.tld",
        "overwritehost": "cloud.domain.tld",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "theme": "",
        "loglevel": 2,
        "maintenance": false,
        "maintenance_window_start": 1,
        "activity_expire_days": 14,
        "auth.bruteforce.protection.enabled": false,
        "auth.webauthn.enabled": false,
        "forbidden_filenames": [
            ".htaccess",
            "Thumbs.db",
            "thumbs.db"
        ],
        "cron_log": true,
        "enable_previews": true,
        "enabledPreviewProviders": [
            "OC\\Preview\\PNG",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\GIF",
            "OC\\Preview\\BMP",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\HEIF",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\Image",
            "OC\\Preview\\Raw",
            "OC\\Preview\\Movie",
            "OC\\Preview\\MP3",
            "OC\\Preview\\PDF",
            "OC\\Preview\\TXT",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\Imaginary"
        ],
        "preview_imaginary_url": "***REMOVED SENSITIVE VALUE***",
        "preview_max_x": 4096,
        "preview_max_y": 4096,
        "preview_max_scale_factor": 1,
        "allow_local_remote_servers": true,
        "filesystem_check_changes": 0,
        "filelocking.enabled": true,
        "htaccess.RewriteBase": "\/",
        "integrity.check.disabled": false,
        "knowledgebaseenabled": false,
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "logtimezone": "Europe\/Zurich",
        "default_phone_region": "CH",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "dbindex": 1,
            "timeout": 0.5,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "overwriteprotocol": "https",
        "quota_include_external_storage": false,
        "share_folder": "\/Shares",
        "skeletondirectory": "",
        "trashbin_retention_obligation": "auto",
        "updater.release.channel": "stable",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpport": "465",
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [],
        "twofactor_enforced_excluded_groups": [],
        "simpleSignUpLink.shown": false,
        "profile.enabled": false,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "log_rotate_size": "0",
        "memories.db.triggers.fcu": true,
        "memories.exiftool": "\/var\/www\/html\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
        "memories.vod.path": "\/var\/www\/html\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
        "memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
        "memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
    },
24

If some file are not working, please check what part is blocking it. The client, the server, perhaps it is the connection (“security” products might prevent some “suspicious” activity).

The percent is a bit special, you can Access to %APPDATA% for example. Not sure for all the characters, if they have some special function in Win/Linux/Mac, in doubt, check the original pull requests for more information.

The + symbol, I find a bit odd, but all the others I wouldn’t use anyway. Depending on OS they can make problems, if you want to address files or folders in scripts you risk to have to escape them, …

25

The thing is that nothing gets blocked on my server, not even the Windows characters that should be blocked.

I mean, it’s not really an issue for me as I generally avoid using special characters in file names, except for dashes and underscores, but shouldn’t the blocking of the forbidden Windows characters be enabled by default since the last one or two versions?

1 Like