IV1T3 / django-middleware-fileuploadvalidation

A Django middleware to validate user file uploads and detect malicious content.
Apache License 2.0
10 stars 2 forks source link

Does this perform filename sanitation? #47

Open Flimm opened 3 months ago

Flimm commented 3 months ago

I'm looking for filename sanitation. For example, Windows cannot correctly handle filenames containing <, >, :, ", /, \, |, ? or *, ASCII control characters or the null byte. In addition, Windows reserves some filenames, including CON, PRN, AUX, NUL and others. Filenames in Windows cannot end in a space or a dot. macOS and Linux have their own restrictions too.

Right now, the setting "keep_original_filename" can only be set to True or False. I propose these values instead:

Does django-middleware-fileuploadvalidation provide this functionality already? Maybe I missed it.

IV1T3 commented 2 months ago

Hey Flimm,

thank you for reaching out! Right now, DMF does not support filename sanitization as you describe it.

I will add it to my backlog. However, I am not sure if I will be able to integrate that feature in the near future. You are more than welcome to open a PR and I will take a look at the changes.

Cheers