From 66ec6cf9b892cd22dd75d9b66f10b120ebe233ed Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 27 Aug 2015 10:48:58 +0100 Subject: [PATCH 1/2] Check for an internationalised filename first --- synapse/rest/media/v1/base_resource.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/synapse/rest/media/v1/base_resource.py b/synapse/rest/media/v1/base_resource.py index 610cb3ef8..03ebbbefe 100644 --- a/synapse/rest/media/v1/base_resource.py +++ b/synapse/rest/media/v1/base_resource.py @@ -145,14 +145,20 @@ class BaseMediaResource(Resource): content_disposition = headers.get("Content-Disposition", None) if content_disposition: _, params = cgi.parse_header(content_disposition[0],) - upload_name = params.get("filename", None) - if upload_name and not is_ascii(upload_name): - upload_name = None - else: - upload_name_utf8 = params.get("filename*", None) - if upload_name_utf8: - if upload_name_utf8.lower().startswith("utf-8''"): - upload_name = upload_name_utf8[7:] + upload_name = None + + # First check if there is a valid UTF-8 filename + upload_name_utf8 = params.get("filename*", None) + if upload_name_utf8: + if upload_name_utf8.lower().startswith("utf-8''"): + upload_name = upload_name_utf8[7:] + + # If there isn't check for an ascii name. + if not upload_name: + upload_name = params.get("filename", None) + if upload_name and not is_ascii(upload_name): + upload_name = None + if upload_name: upload_name = urlparse.unquote(upload_name) try: From ddf4d2bd981cbc4079b2bff0a2bba500b1aad208 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 27 Aug 2015 10:50:49 +0100 Subject: [PATCH 2/2] Consistency --- synapse/rest/media/v1/base_resource.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/synapse/rest/media/v1/base_resource.py b/synapse/rest/media/v1/base_resource.py index 03ebbbefe..b2aeb8c90 100644 --- a/synapse/rest/media/v1/base_resource.py +++ b/synapse/rest/media/v1/base_resource.py @@ -155,9 +155,9 @@ class BaseMediaResource(Resource): # If there isn't check for an ascii name. if not upload_name: - upload_name = params.get("filename", None) - if upload_name and not is_ascii(upload_name): - upload_name = None + upload_name_ascii = params.get("filename", None) + if upload_name_ascii and is_ascii(upload_name_ascii): + upload_name = upload_name_ascii if upload_name: upload_name = urlparse.unquote(upload_name)