>>>>> I'm in agreement on the insane aspect of it, but it seems to work just
>>>>> fine to create a file with a linefeed character on TracStandalone:
>>>>>
>>>>> $ echo "Some text" > "myfile
>>>>> "
>>>>>
>>>>> The linefeed character is encoded as %0A: myfile%0A
This behavior depends on browser implementation. Firefox replaces
linefeed characters with spaces. I guess that you're using Google
Chrome.
Firefox:
http://hg.mozilla.org/mozilla-central/file/757c2011df5b/content/html/content/src/nsFormSubmission.cpp#l445
http://hg.mozilla.org/mozilla-central/file/757c2011df5b/content/html/content/src/nsFormSubmission.cpp#l521
http://hg.mozilla.org/mozilla-central/file/757c2011df5b/content/html/content/src/nsFormSubmission.cpp#l705
Webkit:
http://trac.webkit.org/browser/trunk/Source/WebCore/platform/network/FormDataBuilder.cpp?rev=159750#L163
http://trac.webkit.org/browser/trunk/Source/WebCore/platform/network/FormDataBuilder.cpp?rev=159750#L56
Also, Trac currently strips whitespaces from filename. Then, it would
be strip the linefeed character after "myfile".
http://trac.edgewall.org/browser/tags/trac-1.0.1/trac/attachment.py?marks=715#L711
>> 1. Do not allow uploading such attachments at all
>> 2. Allow uploads and support new line chars in attachments web UI
>> 3. Keep things as they are now i.e. allow uploads and still fail to
>> match attachment web UI requests
>>
>> It seems to me that (1) is the best approach .
4. Replace unicode control codes with spaces.
See attachment-ctrl-codes.diff.
--
Jun Omae <jun6...@gmail.com> (大前 潤)
--
You received this message because you are subscribed to the Google Groups "Trac
Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to trac-dev+unsubscr...@googlegroups.com.
To post to this group, send email to trac-dev@googlegroups.com.
Visit this group at http://groups.google.com/group/trac-dev.
For more options, visit https://groups.google.com/groups/opt_out.
diff --git a/trac/attachment.py b/trac/attachment.py
index ffcc7a0..3b9e048 100644
--- a/trac/attachment.py
+++ b/trac/attachment.py
@@ -43,7 +43,7 @@ from trac.util.compat import sha1
from trac.util.datefmt import format_datetime, from_utimestamp, \
to_datetime, to_utimestamp, utc
from trac.util.text import exception_to_unicode, path_to_unicode, \
- pretty_size, print_table, unicode_unquote
+ pretty_size, print_table, stripws, unicode_unquote
from trac.util.translation import _, tag_
from trac.web import HTTPBadRequest, IRequestHandler, RequestDone
from trac.web.chrome import (INavigationContributor, add_ctxtnav, add_link,
@@ -680,6 +680,12 @@ class AttachmentModule(Component):
# Internal methods
+ _control_codes_re = re.compile(
+ '[' +
+ ''.join(filter(lambda c: unicodedata.category(c) == 'Cc',
+ map(unichr, xrange(0x10000)))) +
+ ']')
+
def _do_save(self, req, attachment):
req.perm(attachment.resource).require('ATTACHMENT_CREATE')
parent_resource = attachment.resource.parent
@@ -713,12 +719,14 @@ class AttachmentModule(Component):
# Files uploaded from OS X might be in NFD.
filename = unicodedata.normalize('NFC', unicode(upload.filename,
'utf-8'))
- filename = filename.strip()
+ # Replace control codes with spaces, e.g. NUL, LF, DEL, U+009F
+ filename = self._control_codes_re.sub(' ', filename)
# Replace backslashes with slashes if filename is Windows full path
if filename.startswith('\\') or re.match(r'[A-Za-z]:\\', filename):
filename = filename.replace('\\', '/')
# We want basename to be delimited by only slashes on all platforms
filename = posixpath.basename(filename)
+ filename = stripws(filename)
if not filename:
raise TracError(_('No file uploaded'))
# Now the filename is known, update the attachment resource
