id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
18150	Uploading a file ending with a backslash fails	Peter Kuma		"When uploading a file, the filename as supplied in `Content-Disposition` filename parameter is sanitized by:

{{{
def IE_sanitize(self, filename):
    """"""Cleanup filename from Internet Explorer full paths.""""""
    return filename and filename[filename.rfind(""\\"")+1:].strip()
}}}

in `multipartparser.py`. If the filename contains a backslash, only the part following the backslash is retained. Because backslash is a valid character in unix file names, this behavior is not consistent with the expectations of a unix user.

More importantly, uploading a file ending with a backslash results in `AttributeError`. Consider the following section of `MultiPartParser.parse()`:

{{{
file_name = disposition.get('filename')
if not file_name:
    continue
file_name = force_unicode(file_name, encoding, errors='replace')
file_name = self.IE_sanitize(unescape_entities(file_name))
}}}

If the filename parameter is empty, the file is ignored. However, if file_name is empty as a result of `IE_sanitize` stripping away the part before the last backslash character, the processing continues, and later fails with:

`AttributeError`[[BR]]
Exception Value: '`TemporaryFileUploadHandler`' object has no attribute 'file'[[BR]]
Exception Location: /usr/lib/python2.6/site-packages/django/core/files/uploadhandler.py in file_complete, line 141

{{{
140.    def file_complete(self, file_size):
141.        self.file.seek(0)
}}}

One way of resolving this issue might be by making `IE_sanitize` less invasive, for example by making it effective only if filename begins with `X:\`.
"	Bug	new	File uploads/storage	1.4	Normal			nuno@… supersteve9219	Accepted	1	1	0	1	0	0