This is an automated email from the ASF dual-hosted git repository. michaelsmolina pushed a commit to branch 5.0 in repository https://gitbox.apache.org/repos/asf/superset.git
commit 30e3e2e437030f2a42bd30950568aa03a5afebba Author: Sam Firke <[email protected]> AuthorDate: Mon Mar 17 13:31:11 2025 -0400 fix(spreadsheet uploads): make file extension comparisons case-insensitive (#32696) (cherry picked from commit 6a13ab8920dc95ad64036151f83d89c195ca441c) --- superset-frontend/src/features/databases/UploadDataModel/index.tsx | 7 +++++-- superset/databases/schemas.py | 5 ++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/superset-frontend/src/features/databases/UploadDataModel/index.tsx b/superset-frontend/src/features/databases/UploadDataModel/index.tsx index eccfe3da37..9a7626505d 100644 --- a/superset-frontend/src/features/databases/UploadDataModel/index.tsx +++ b/superset-frontend/src/features/databases/UploadDataModel/index.tsx @@ -183,8 +183,11 @@ export const validateUploadFileExtension = ( return false; } - const fileType = extensionMatch[1]; - return allowedExtensions.includes(fileType); + const fileType = extensionMatch[1].toLowerCase(); + const lowerCaseAllowedExtensions = allowedExtensions.map(ext => + ext.toLowerCase(), + ); + return lowerCaseAllowedExtensions.includes(fileType); }; interface StyledSwitchContainerProps extends SwitchProps { diff --git a/superset/databases/schemas.py b/superset/databases/schemas.py index 54a5bb20b6..0ac152193a 100644 --- a/superset/databases/schemas.py +++ b/superset/databases/schemas.py @@ -1088,7 +1088,10 @@ class BaseUploadFilePostSchemaMixin(Schema): def validate_file_extension(self, file: FileStorage) -> None: allowed_extensions = current_app.config["ALLOWED_EXTENSIONS"] file_suffix = Path(file.filename).suffix - if not file_suffix or file_suffix[1:] not in allowed_extensions: + if not file_suffix: + raise ValidationError([_("File extension is not allowed.")]) + # Make case-insensitive comparison + if file_suffix[1:].lower() not in [ext.lower() for ext in allowed_extensions]: raise ValidationError([_("File extension is not allowed.")])
