#21033 closed Bug (fixed)

Uploaded file's name truncates to 255 not in all cases

Reported by: homm Owned by: nobody
Component: File uploads/storage Version: master
Severity: Normal Keywords:
Cc: bmispelon@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

If uploaded file name has very-ver long extension, it not truncates to 255 chars.

Change History (8)

comment:1 Changed 19 months ago by homm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 19 months ago by timo

Changing the file extension seems like it may not be a good idea. Did you run into a problem with this?

comment:3 Changed 19 months ago by homm

What do you mean by "extension"? This patch truncate sequence of chars after last dot longer then 255 chars. Is such sequence can be called "extension"? I do not think so.

I see problem there: malefactor can send file with name longer then 255 chars. I don't know, is it problem does matter at all. If it does matter let's do strict check. If it is doesn't matter, let's remove this check at all.

Last edited 19 months ago by homm (previous) (diff)

comment:4 Changed 19 months ago by sduveen

  • Triage Stage changed from Unreviewed to Accepted

I don't think 'file extension' can reasonably describe anything that is over 255 chars after a dot. Patch and test look good. (refering to https://github.com/django/django/pull/1548/files#L0L45)

comment:5 Changed 19 months ago by sduveen

  • Triage Stage changed from Accepted to Ready for checkin

comment:6 Changed 19 months ago by bmispelon

  • Cc bmispelon@… added
  • Patch needs improvement set
  • Triage Stage changed from Ready for checkin to Accepted

I think the tests should be moved to file_uploads/, next to the one that tests the truncating functionality [1].

I would also rewrite them to immitate the test_filename_overflow test, which I think tests the issue more accurately: we want to make sure that an uploaded file doesn't have a name longer than 255 characters.

Thanks.

[1] https://github.com/django/django/blob/master/tests/file_uploads/tests.py#L168

comment:7 Changed 19 months ago by homm

I update patch and move tests in file_uploads.

comment:8 Changed 19 months ago by Baptiste Mispelon <bmispelon@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 7008ed61c519f93a9b6c5c547ad718ad2deb959b:

Fixed #21033 -- Fixed uploaded filenames not always being truncated to 255 characters

Note: See TracTickets for help on using tickets.
Back to Top