Filename has been changed if upload via web interface
After upgraded to gitlab-ce-11.1.2, every time when I upload a file via web interface, if the filename contains character "【" or "】", it will be automatically changed to '_' after upload.
And after upgraded to gitlab-ce-11.1.4, this bug still there.
And this bug can be reproduced on Gitlab.com.
Steps to reproduce
- Open any project's Repository-Files interface in browser.
- Click '+' button and choose 'Upload file'.
- Drag & Drop any file that in it's filename contains character '【' or '】' or both.
- Check uploaded file's filename in project's repository.
What is the current bug behavior?
Changes uploaded file's filename that uploaded via web interface.
What is the expected correct behavior?
Keep uploaded file's filename upchanged.
Relevant logs and/or screenshots
Before click 'Upload file'
After click 'Upload file'
Output of checks
This bug happens on GitLab.com
When the form sends the file, the browser url encodes the file name and in the server we create a tmp file with that url encoded name. When we create the
UploadFile object, we don't url decode the name, so we're using by default the encoded name, which is wrong. When we build the
UploadFile we should decode and build the object with the proper name.
Besides, the sanitization method we use is quite rigid, and it would even convert valid file name characters. Instead of using the
CarrierWave::SanitizedFile.sanitize_regexp regex we could use
ActiveStorage one. Nevertheless, since we don't load the
ActiveStorage library, we could use directly the code
ActiveStorage uses. See comment and
ActiveStorage#sanitize code to learn more.