Replace unicode control codes with spaces in attachment filename

[Ryan J Ollos]

It was discussed on the ​mailing list that control codes in attachment filename should be replaced with whitespaces.

[Ryan J Ollos]

As mentioned on the mailing list, the following behaviors are seen:

• In Chrome the control code will be url-encoded
• In Firefox the control code will be replaced with whitespace
• In Opera an error will be issued that the file can't be found

Even with the patch, the browser will have the first chance to modify the filename. So as far as I can tell, if we implement some behavior in AttachmentModule._do_save to replace control codes with whitespace, it will really only help in the case that there are some browsers that pass along the filename with the control-codes still present.

The following case was also mentioned on the mailing list:

$ echo "good day!" > "file
"
trac-admin ../tracdev attachment add wiki:WikiStart "file
"

When trying to view the file through the browser we get: No handler matched request to /attachment/wiki/WikiStart/file1 .txt.

I'm more convinced that this is hardly worth worrying about, but might something like the following work well?: log:rjollos.git:t11395

I don't understand everything that is going on inside of _normalized_filename, but at least we can easily write unit tests for it, and it might be appropriate for trac.util.

[Ryan J Ollos]

It seemed least risky to finally push this to the trunk. Committed in [13603].