Opened 8 years ago
Closed 7 years ago
#28165 closed Bug (fixed)
FileExtensionValidator's allowed_extensions must be given in lower case
| Reported by: | Arne de Laat | Owned by: | nobody |
|---|---|---|---|
| Component: | File uploads/storage | Version: | 1.11 |
| Severity: | Normal | Keywords: | validators filefield |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Using any uppercase character for an 'allowed_extension' prevents it from being matched. Because the input filename is being lowered before comparison to the extensions.
Here is an example:
from django.core.validators import FileExtensionValidator from collections import namedtuple valid = FileExtensionValidator(['pdf', 'png']) File = namedtuple('File', ['name']) # valid: different case in file name named_file = File(name='myfile.PDF') valid(named_file) named_file = File(name='myfile.PdF') valid(named_file) # using uppercase in validator valid = FileExtensionValidator(['PDF', 'PNG']) # invalid: everything, because the case of the input is lowered named_file = File(name='myfile.PDF') valid(named_file) # ValidationError: ["File extension 'pdf' is not allowed. Allowed extensions are: 'PDF, PNG'."] named_file = File(name='myfile.pdf') valid(named_file) # ValidationError: ["File extension 'pdf' is not allowed. Allowed extensions are: 'PDF, PNG'."]
Change History (4)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
The problem with that is that it would be less obvious, why not simply support case insensitive matching?
Additionally if you retrieve the extensions from some source, as is done to validate images (using the extensions supported by Pillow) you need to ensure those are already lowered, or add some additional code to ensure they are.
Also, the current validation error is also a bit unclear 'pdf' is not allowed. Allowed extensions are: 'PDF', even if the original file extension is PDF. So to clarify that error some code would need to be changed anyway.
comment:3 by , 8 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
I think that file extensions are case insensitive on all platforms I know. That is I'm not aware of systems/libs/apps which treat file extensions differently whether they are uppercase or lowercase. So I tend to agree with Arne.
If there are use cases for allowing only one or another form, please speak...
A solution not requiring any code changes would be to document that
allowed_extensionsshould be lower case. Is there a problem with that approach?