dzxs / django-photologue

Automatically exported from code.google.com/p/django-photologue
BSD 3-Clause "New" or "Revised" License
0 stars 0 forks source link

SuspiciousOperation while uploading zip file with non-latin names files #143

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. In admin - Add gallery upload
2. Select a zip file with photos with non-latin names (example: french or
russian letters)
3. Try upload

What is the expected output? What do you see instead?
Instead of usual successful uploading and creating a gallery I see an error
notification

What version of the product are you using? On what operating system?
-r405. Both on Windows XP and FreeBSD.

Please provide any additional information below.

Traceback (most recent call last):

  File "C:\Python26\lib\site-packages\django\core\servers\basehttp.py",
line 279, in run
    self.result = application(self.environ, self.start_response)

  File "C:\Python26\lib\site-packages\django\core\servers\basehttp.py",
line 651, in __call__
    return self.application(environ, start_response)

  File "C:\Python26\lib\site-packages\django\core\handlers\wsgi.py", line
241, in __call__
    response = self.get_response(request)

  File "C:\Python26\lib\site-packages\django\core\handlers\base.py", line
134, in get_response
    return self.handle_uncaught_exception(request, resolver, exc_info)

  File "C:\Python26\lib\site-packages\django\core\handlers\base.py", line
154, in handle_uncaught_exception
    return debug.technical_500_response(request, *exc_info)

  File "C:\Python26\lib\site-packages\django\views\debug.py", line 40, in
technical_500_response
    html = reporter.get_traceback_html()

  File "C:\Python26\lib\site-packages\django\views\debug.py", line 99, in
get_traceback_html
    'exception_value': smart_unicode(self.exc_value, errors='replace'),

  File "C:\Python26\lib\site-packages\django\utils\encoding.py", line 44,
in smart_unicode
    return force_unicode(s, encoding, strings_only, errors)

  File "C:\Python26\lib\site-packages\django\utils\encoding.py", line 92,
in force_unicode
    raise DjangoUnicodeDecodeError(s, *e.args)

DjangoUnicodeDecodeError: 'ascii' codec can't decode byte 0x82 in position
39: ordinal not in range(128). You passed in SuspiciousOperation("Attempted
access to 'photologue\\photos\\\x82\xae\xa4\xef\xad\xeb\xa5
\xab\xa8\xab\xa8\xa8.jpg' denied.",) (<class
'django.core.exceptions.SuspiciousOperation'>)

Original issue reported on code.google.com by pakhomov...@yandex.ru on 2 Dec 2009 at 10:25

GoogleCodeExporter commented 9 years ago
Is this issue maybe related to this:
http://code.djangoproject.com/ticket/12397

The essence of which is that the media path begins with "/".

Original comment by ele....@gmail.com on 6 Jan 2010 at 9:41

GoogleCodeExporter commented 9 years ago
I don't think these issues are related because it works well with latin 
symbols. So
the problem is connected with decoding. 

Original comment by pakhomov...@yandex.ru on 8 Jan 2010 at 8:02

GoogleCodeExporter commented 9 years ago
I just want to store file somewhere in my root path. I guess I should customer 
the 
save function myself.

Original comment by wooodyhu...@gmail.com on 11 Apr 2010 at 3:30

GoogleCodeExporter commented 9 years ago
I can confirm that having files with non-latin characters filenames in a zip 
file throws the error. Test case is to upload the attached "umlauteinside.zip" 
file as a gallery. Working case is the same image file in a zip named with only 
latin characters ("no-umlaute.zip"). Both zips were generated with 7-zip under 
Win7 64bit.

Although I can't reproduce it now on a Win7-64bit development host, I have seen 
this even worse behavior on a Linux host: You can't browse the photos in the 
admin afterwards, it throws 

Caught an exception while rendering: ('ascii', 'grunwei\xc3\x9f', 7, 8, 
'ordinal not in range(128)')

when visiting /admin/photologue/photo/. Real bad. This kills the site and needs 
manual DB intervention to clear out (just delete the offending image entry in 
table photologue_photo).

Original comment by philipp....@googlemail.com on 19 Jul 2010 at 9:54

Attachments:

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
I coded a test that tries to create a GalleryUpload-object for each of the two 
ZIP-Files above (encoded inside the code) and fails with the umlauteinside.zip 
one.
Also included is a solution that sanitized filenames inside the ZIP-file before 
writing them to disk.

This patch should apply cleanly using patch -p2 to django-photologue-2.2.

Original comment by philipp....@googlemail.com on 19 Jul 2010 at 4:50

Attachments:

GoogleCodeExporter commented 9 years ago
Here's the proper way to sanitize paths ...

http://code.google.com/p/django-photologue/issues/detail?id=119#c6

Original comment by hainea...@gmail.com on 8 Feb 2011 at 7:04