From 94248fed3c919f9c22f7679398eb880909543fcc Mon Sep 17 00:00:00 2001
From: Josue Kouka
Date: Fri, 29 Jul 2016 12:49:20 +0200
Subject: [PATCH] url encode filenames (#12793)
---
 fargo/fargo/models.py | 9 +++++++--
 tests/test_api.py | 19 +++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/fargo/fargo/models.py b/fargo/fargo/models.py
index 0f6032b..a1494ef 100644
--- a/fargo/fargo/models.py
+++ b/fargo/fargo/models.py
@@ -3,6 +3,7 @@ import base64
 import subprocess
 import os
 import threading
+import urllib
 from django.conf import settings
 from django.core.urlresolvers import reverse
@@ -60,12 +61,16 @@ class UserDocument(models.Model):
 verbose_name_plural = _('user documents')
 ordering = ('-created', 'user')
+ @property
+ def filename_encoded(self):
+ return urllib.quote(self.filename, safe='')
+
 def get_download_url(self):
- return reverse('download', kwargs={'pk': self.id, 'filename': self.filename})
+ return reverse('download', kwargs={'pk': self.id, 'filename': self.filename_encoded})
 def get_thumbnail_url(self):
 if self.document.thumbnail:
- return reverse('thumbnail', kwargs={'pk': self.id, 'filename': self.filename})
+ return reverse('thumbnail', kwargs={'pk': self.id, 'filename': self.filename_encoded})
 return ''
diff --git a/tests/test_api.py b/tests/test_api.py
index 7412a9a..4fe9c25 100644
--- a/tests/test_api.py
+++ b/tests/test_api.py
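Review bot: In the `UserDocument` hunk of fargo/fargo/models.py, `filename_encoded` passes `self.filename` straight to `urllib.quote`, which on Python 2 raises `KeyError` for a unicode string containing non-ASCII characters; if `filename` is a Django text field (its definition is outside the hunk, as is the start of the class), an accented document name would make `get_download_url()` and `get_thumbnail_url()` fail. Encode before quoting, `return urllib.quote(self.filename.encode('utf-8'), safe='')`, or use Django's `urlquote(self.filename, safe='')` from `django.utils.http`, which accepts unicode. Separately, `reverse()` percent-encodes the kwarg a second time (the new test expects `%252F`), so after URL decoding the views receive the once-quoted name rather than the stored one. The download and thumbnail views are not part of this patch; any use of the `filename` kwarg there for a lookup or a response header should be confirmed to unquote and validate it.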
@@ -132,3 +132,22 @@ def test_push_document_max_document_box_size(app, private_settings, admin_user,
 assert response.json['errors'].keys() == ['__all__']
 assert response.json['errors']['__all__'][0]['code'] == 'box-is-full'
 assert response.json['errors']['__all__'][0]['limit'] == 4
+
+
+def test_push_document_slashed_name(app, admin_user, john_doe):
+ login(app)
+ url = reverse('fargo-api-push-document')
+ data = {
+ 'user_email': john_doe.email,
+ 'origin': 'wcs',
+ 'file_b64_content': base64.b64encode('whatever'),
+ 'file_name': 'monfichier 18/06/2017.pdf',
+ }
+ response = app.post_json(url, data, status=200)
+ assert response.json['result'] == 1
+ assert models.Document.objects.count() == 1
+ doc = models.UserDocument.objects.first()
+ assert doc.filename == 'monfichier 18/06/2017.pdf'
+ assert doc.get_download_url() == '/1/download/monfichier%252018%252F06%252F2017.pdf'
+ login(app, user=john_doe)
+ app.get(doc.get_download_url(), status=200)
--
2.8.1
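Review bot: `test_push_document_slashed_name` exercises only an ASCII file name and checks only the status code of the final `app.get`, so it would not catch a URL builder that fails on accented names or a download that serves something other than the pushed document. A second case with a non-ASCII name, e.g. `'file_name': u're\xe7u 18/06/2017.pdf'` (constructed sample), would cover the encoding path. The expected URL also hard-codes the primary key as `/1/`; building the expected string from `doc.id` keeps the assertion independent of database state.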