Opened 2 years ago

Closed 2 years ago

#21033 closed Bug (fixed)

Uploaded file's name truncates to 255 not in all cases

Reported by: homm Owned by: nobody
Component: File uploads/storage Version: master
Severity: Normal Keywords:
Cc: bmispelon@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

If uploaded file name has very-ver long extension, it not truncates to 255 chars.

Change History (8)

comment:1 Changed 2 years ago by homm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 2 years ago by timo

Changing the file extension seems like it may not be a good idea. Did you run into a problem with this?

comment:3 Changed 2 years ago by homm

What do you mean by "extension"? This patch truncate sequence of chars after last dot longer then 255 chars. Is such sequence can be called "extension"? I do not think so.

I see problem there: malefactor can send file with name longer then 255 chars. I don't know, is it problem does matter at all. If it does matter let's do strict check. If it is doesn't matter, let's remove this check at all.

Last edited 2 years ago by homm (previous) (diff)

comment:4 Changed 2 years ago by sduveen

  • Triage Stage changed from Unreviewed to Accepted

I don't think 'file extension' can reasonably describe anything that is over 255 chars after a dot. Patch and test look good. (refering to https://github.com/django/django/pull/1548/files#L0L45)

comment:5 Changed 2 years ago by sduveen

  • Triage Stage changed from Accepted to Ready for checkin

comment:6 Changed 2 years ago by bmispelon

  • Cc bmispelon@… added
  • Patch needs improvement set
  • Triage Stage changed from Ready for checkin to Accepted

I think the tests should be moved to file_uploads/, next to the one that tests the truncating functionality [1].

I would also rewrite them to immitate the test_filename_overflow test, which I think tests the issue more accurately: we want to make sure that an uploaded file doesn't have a name longer than 255 characters.

Thanks.

[1] https://github.com/django/django/blob/master/tests/file_uploads/tests.py#L168

comment:7 Changed 2 years ago by homm

I update patch and move tests in file_uploads.

comment:8 Changed 2 years ago by Baptiste Mispelon <bmispelon@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 7008ed61c519f93a9b6c5c547ad718ad2deb959b:

Fixed #21033 -- Fixed uploaded filenames not always being truncated to 255 characters

Note: See TracTickets for help on using tickets.
Back to Top