IAttachmentManipulators cannot validate the attachment's filename field

[Carsten Klein <carsten.klein@…>]

In attachment.py#AttachmentModule#_do_save setting attachment.filename is outcommented.

Therefore, ticket manipulators cannot validate the filename easily, unless they reimplement part of the _do_save method.

In this patch

attachment.py

@@ -255 +255 @@
 
         if not os.access(self.path, os.F_OK):
             os.makedirs(self.path)
+        # must reset self.filename prior insert
+        self.filename = None
         filename = unicode_quote(filename)
         path, targetfile = create_unique_file(os.path.join(self.path,
                                                            filename))
@@ -631 +633 @@
         if not filename:
             raise TracError(_('No file uploaded'))
         # Now the filename is known, update the attachment resource
-        # attachment.filename = filename
+        # must be set so that validators can validate the filename
+        attachment.filename = filename
         attachment.description = req.args.get('description', '')
         attachment.author = get_reporter_id(req, 'author')
         attachment.ipnr = req.remote_addr

the filename will be set, and, since it causes problems with Attachment#insert when doing so prior to the attachment being inserted, in the insert method the filename will be reset to None.

[Remy Blank]

Not a regression, not critical → not for 0.12.

[Emmanuel Blot]

Fixed in [10695]

[Emmanuel Blot]

Replying to eblot:

Fixed in [10695]

Proper commit message should have been:

0.12.3dev: fixed attachment filename issue (#9280)

editing svn:log is not allowed.

[Christian Boos]

Replying to eblot:

editing svn:log is not allowed.

Well, yes, since we have git & mercurial mirrors, we disabled that in order to not have different commit logs between the systems.