Open jkittner opened 3 years ago
Mhm I though a little more on this an my solution would not allow e.g. tar.gz
(would become gz
only), so a different approach would be necessary to solve both cases...
If the filename is tar.gz
or example.tar.gz
, treat gz
as its extension seems to be reasonable, you can and should be able to unzip it to tar
or example.tar
, and example.tar
will be able to be un-tared.
When using
flask_wtf.file.FileAllowed
to validate that a file has the correct file extension, a file named'.ext'
is seen as having the correct file extension. For me this behavior was a little unexpected and I was wondering if this is intentional/correct..ext
so it is validos.path.splitext('.ext')
returns('.ext', '')
so it treats it as the filename, not the extension. Would it be consistent/more correct to replace the.endswith
here with a comparision toos.path.splitext()[1]
? https://github.com/wtforms/flask-wtf/blob/6d2fcde659041aa7579cbb51ce4f329d88442716/src/flask_wtf/file.py#L84a fix could be something like this maybe?: https://github.com/theendlessriver13/flask-wtf/blob/741aa2ed138e3b821b364b41496d4af91aec1e9b/src/flask_wtf/file.py#L84-L87
Any thoughts on this? I think an (explicit) workaround would be to add a separate custom validator checking the filename itself?