Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Normalize handling of special Unicode characters when uploading files…

…, for example when a file is uploaded with the filename Poëzie.pdf...

- IE uploads with filename = u'Po\xebzie.pdf'
- Chrome (Mac) uploads with filename = u'Poe\u0308zie.pdf'
which are essentially the same character, just in a different Unicode normalization form.
Using unicodedata.normalize('NFC', …) the filename is normalized to the NFC variant (e\u0308 becomes \xeb), which is handled further by Django.
  • Loading branch information...
commit 31ae4ffc7ab007007f7031a7d6d6028f7622bcf7 1 parent e7b4290
@dbunskoek dbunskoek authored
Showing with 7 additions and 0 deletions.
  1. +7 −0 fiber/api/handlers.py
View
7 fiber/api/handlers.py
@@ -1,4 +1,5 @@
import os
+from unicodedata import normalize
from django.core.files.uploadedfile import SimpleUploadedFile
from django.db.models import F, Max
@@ -274,6 +275,7 @@ class FileUploadHandler(BaseHandler):
def save_xhr(self, request):
filename = request.GET['qqfile']
file = SimpleUploadedFile(filename, request.raw_post_data)
+ file.name = normalize('NFC', file.name)
expected_length = int(request.environ.get('CONTENT_LENGTH', 0))
if expected_length != file.size:
@@ -287,6 +289,8 @@ def save_xhr(self, request):
def save_form(self, request):
file = request.FILES['qqfile']
+ file.name = normalize('NFC', file.name)
+
File.objects.create(
file=file,
title='uploaded', # TODO: empty title
@@ -308,6 +312,7 @@ class ImageUploadHandler(BaseHandler):
def save_xhr(self, request):
filename = request.GET['qqfile']
file = SimpleUploadedFile(filename, request.raw_post_data)
+ file.name = normalize('NFC', file.name)
expected_length = int(request.environ.get('CONTENT_LENGTH', 0))
if expected_length != file.size:
@@ -321,6 +326,8 @@ def save_xhr(self, request):
def save_form(self, request):
file = request.FILES['qqfile']
+ file.name = normalize('NFC', file.name)
+
Image.objects.create(
image=file,
title='uploaded', # TODO: empty title
Please sign in to comment.
Something went wrong with that request. Please try again.