>>>>> I'm in agreement on the insane aspect of it, but it seems to work just
>>>>> fine to create a file with a linefeed character on TracStandalone:
>>>>>
>>>>> $ echo "Some text" > "myfile
>>>>> "
>>>>>
>>>>> The linefeed character is encoded as %0A: myfile%0A
This behavior depends on browser implementation. Firefox replaces
linefeed characters with spaces. I guess that you're using Google
Chrome.
Firefox:
http://hg.mozilla.org/mozilla-central/file/757c2011df5b/content/html/content/src/nsFormSubmission.cpp#l445
http://hg.mozilla.org/mozilla-central/file/757c2011df5b/content/html/content/src/nsFormSubmission.cpp#l521
http://hg.mozilla.org/mozilla-central/file/757c2011df5b/content/html/content/src/nsFormSubmission.cpp#l705
Webkit:
http://trac.webkit.org/browser/trunk/Source/WebCore/platform/network/FormDataBuilder.cpp?rev=159750#L163
http://trac.webkit.org/browser/trunk/Source/WebCore/platform/network/FormDataBuilder.cpp?rev=159750#L56
Also, Trac currently strips whitespaces from filename. Then, it would
be strip the linefeed character after "myfile".
http://trac.edgewall.org/browser/tags/trac-1.0.1/trac/attachment.py?marks=715#L711
>> 1. Do not allow uploading such attachments at all
>> 2. Allow uploads and support new line chars in attachments web UI
>> 3. Keep things as they are now i.e. allow uploads and still fail to
>> match attachment web UI requests
>>
>> It seems to me that (1) is the best approach .
4. Replace unicode control codes with spaces.
See attachment-ctrl-codes.diff.
--
Jun Omae <[email protected]> (大前 潤)
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-dev.
For more options, visit https://groups.google.com/groups/opt_out.
diff --git a/trac/attachment.py b/trac/attachment.py
index ffcc7a0..3b9e048 100644
--- a/trac/attachment.py
+++ b/trac/attachment.py
@@ -43,7 +43,7 @@ from trac.util.compat import sha1
from trac.util.datefmt import format_datetime, from_utimestamp, \
to_datetime, to_utimestamp, utc
from trac.util.text import exception_to_unicode, path_to_unicode, \
- pretty_size, print_table, unicode_unquote
+ pretty_size, print_table, stripws, unicode_unquote
from trac.util.translation import _, tag_
from trac.web import HTTPBadRequest, IRequestHandler, RequestDone
from trac.web.chrome import (INavigationContributor, add_ctxtnav, add_link,
@@ -680,6 +680,12 @@ class AttachmentModule(Component):
# Internal methods
+ _control_codes_re = re.compile(
+ '[' +
+ ''.join(filter(lambda c: unicodedata.category(c) == 'Cc',
+ map(unichr, xrange(0x10000)))) +
+ ']')
+
def _do_save(self, req, attachment):
req.perm(attachment.resource).require('ATTACHMENT_CREATE')
parent_resource = attachment.resource.parent
@@ -713,12 +719,14 @@ class AttachmentModule(Component):
# Files uploaded from OS X might be in NFD.
filename = unicodedata.normalize('NFC', unicode(upload.filename,
'utf-8'))
- filename = filename.strip()
+ # Replace control codes with spaces, e.g. NUL, LF, DEL, U+009F
+ filename = self._control_codes_re.sub(' ', filename)
# Replace backslashes with slashes if filename is Windows full path
if filename.startswith('\\') or re.match(r'[A-Za-z]:\\', filename):
filename = filename.replace('\\', '/')
# We want basename to be delimited by only slashes on all platforms
filename = posixpath.basename(filename)
+ filename = stripws(filename)
if not filename:
raise TracError(_('No file uploaded'))
# Now the filename is known, update the attachment resource
