[Django] #28165: FileExtensionValidator's allowed_extensions must be given in lower case

[Django]

#28165: FileExtensionValidator's allowed_extensions must be given in lower case
-------------------------------------+-------------------------------------
Reporter: Arne de | Owner: nobody
Laat |
Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage | Keywords: validators
Severity: Normal | filefield
Triage Stage: | Has patch: 1
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Using any uppercase character for an 'allowed_extension' prevents it from
being matched. Because the input filename is being lowered before
comparison to the extensions.

Here is an example:

{{{
#!python
from django.core.validators import FileExtensionValidator
from collections import namedtuple

valid = FileExtensionValidator(['pdf', 'png'])
File = namedtuple('File', ['name'])

# valid: different case in file name
named_file = File(name='myfile.PDF')
valid(named_file)
named_file = File(name='myfile.PdF')
valid(named_file)

# using uppercase in validator
valid = FileExtensionValidator(['PDF', 'PNG'])

# invalid: everything, because the case of the input is lowered
named_file = File(name='myfile.PDF')
valid(named_file)
# ValidationError: ["File extension 'pdf' is not allowed. Allowed
extensions are: 'PDF, PNG'."]

named_file = File(name='myfile.pdf')
valid(named_file)
# ValidationError: ["File extension 'pdf' is not allowed. Allowed
extensions are: 'PDF, PNG'."]
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28165>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#28165: FileExtensionValidator's allowed_extensions must be given in lower case
-------------------------------------+-------------------------------------

Reporter: Arne de Laat | Owner: nobody

Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage |

Severity: Normal | Resolution:
Keywords: validators | Triage Stage:
filefield | Unreviewed
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Tim Graham):

A solution not requiring any code changes would be to document that
`allowed_extensions` should be lower case. Is there a problem with that
approach?

--
Ticket URL: <https://code.djangoproject.com/ticket/28165#comment:1>

[Django]

#28165: FileExtensionValidator's allowed_extensions must be given in lower case
-------------------------------------+-------------------------------------

Reporter: Arne de Laat | Owner: nobody

Type: Bug | Status: new
Component: File | Version: 1.11
uploads/storage |

Severity: Normal | Resolution:
Keywords: validators | Triage Stage:
filefield | Unreviewed

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Arne de Laat):

The problem with that is that it would be less obvious, why not simply
support case insensitive matching?
Additionally if you retrieve the extensions from some source, as is done
to validate images (using the extensions supported by Pillow) you need to
ensure those are already lowered, or add some additional code to ensure
they are.
Also, the current validation error is also a bit unclear `'pdf' is not
allowed. Allowed extensions are: 'PDF'`, even if the original file
extension is `PDF`. So to clarify that error some code would need to be
changed anyway.

--
Ticket URL: <https://code.djangoproject.com/ticket/28165#comment:2>

[Django]

#28165: FileExtensionValidator's allowed_extensions must be given in lower case

--------------------------------------+------------------------------------

Reporter: Arne de Laat | Owner: nobody

Type: Bug | Status: new
Component: File uploads/storage | Version: 1.11
Severity: Normal | Resolution:
Keywords: validators filefield | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

--------------------------------------+------------------------------------
Changes (by Claude Paroz):

* stage: Unreviewed => Accepted

Comment:

I think that file extensions are case insensitive on all platforms I know.
That is I'm not aware of systems/libs/apps which treat file extensions
differently whether they are uppercase or lowercase. So I tend to agree
with Arne.
If there are use cases for allowing only one or another form, please
speak...

--
Ticket URL: <https://code.djangoproject.com/ticket/28165#comment:3>

[Django]

#28165: FileExtensionValidator's allowed_extensions must be given in lower case

--------------------------------------+------------------------------------
Reporter: Arne de Laat | Owner: nobody

Type: Bug | Status: closed

Component: File uploads/storage | Version: 1.11

Severity: Normal | Resolution: fixed

Keywords: validators filefield | Triage Stage: Accepted

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

--------------------------------------+------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: new => closed
* resolution: => fixed

Comment:

In [changeset:"681d2599ee224826de0050f92f65fdf96bb6a0ca" 681d2599]:
{{{
#!CommitTicketReference repository=""
revision="681d2599ee224826de0050f92f65fdf96bb6a0ca"
Fixed #28165 -- Ignored case in FileExtensionValidator's
allowed_extensions.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/28165#comment:4>