Filename has been changed if upload via web interface
Summary
After upgraded to gitlab-ce-11.1.2, every time when I upload a file via web interface, if the filename contains character "【" or "】", it will be automatically changed to '_' after upload.
And after upgraded to gitlab-ce-11.1.4, this bug still there.
And this bug can be reproduced on Gitlab.com.
Steps to reproduce
- Open any project's Repository-Files interface in browser.
- Click '+' button and choose 'Upload file'.
- Drag & Drop any file that in it's filename contains character '【' or '】' or both.
- Check uploaded file's filename in project's repository.
Example Project
https://gitlab.com/zhulp77/test-proj
What is the current bug behavior?
Changes uploaded file's filename that uploaded via web interface.
What is the expected correct behavior?
Keep uploaded file's filename upchanged.
Relevant logs and/or screenshots
Before click 'Upload file'
After click 'Upload file'
Output of checks
This bug happens on GitLab.com
Possible fixes
When the form sends the file, the browser url encodes the file name and in the server we create a tmp file with that url encoded name. When we create the UploadFile
object, we don't url decode the name, so we're using by default the encoded name, which is wrong. When we build the UploadFile
we should decode and build the object with the proper name.
Besides, the sanitization method we use is quite rigid, and it would even convert valid file name characters. Instead of using the CarrierWave::SanitizedFile.sanitize_regexp
regex we could use ActiveStorage
one. Nevertheless, since we don't load the ActiveStorage
library, we could use directly the code ActiveStorage
uses. See comment and ActiveStorage#sanitize
code to learn more.