id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23047	Handle Extended Header Parameters Specified in RFC # 2231	Cea Stapleton	nobody	"This ticket originates with a bug reported in Requests, [https://github.com/kennethreitz/requests/issues/2117 here] but is actually a bug in all versions of Django (and Rack, and more) with the implementation of [http://tools.ietf.org/html/rfc2231#section-4 RFC #2231] section 4 (from 1997). This was discussed tangentially in a previous thread [https://code.djangoproject.com/ticket/20147 here] but not addressed. 

For example if someone tries to use a filename like {{{u'файл'}}}, this should be sent to the server as {{{filename*=utf-8''%D1%84%D0%B0%D0%B9%D0%BB}}}. This is not properly parsed by Django and so it appears to not have a filename at all. 

I don't advise immediately parsing and decoding the value because of attacks that are possible through utf-7 and other character sets. "	Bug	closed	File uploads/storage	1.6	Normal	duplicate	multipart, rfc compliance, files		Unreviewed	0	0	0	0	0	0