-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extend cleaning for downloaded file names #6492
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #6492 +/- ##
===========================================
- Coverage 81.75% 81.75% -0.01%
===========================================
Files 337 337
Lines 38516 38525 +9
Branches 3547 3547
===========================================
+ Hits 31488 31495 +7
- Misses 7028 7030 +2
|
Do I understand correctly that all Unicode characters will be removed from the file name? |
I tried to use |
Hm, right, that's not good. BTW, I can't rename an existing task to such name. |
…o zm/clean-download-filenames
## \[2.5.2\] - 2023-07-27 ### Added - We've added support for multi-line text attributes (<#6458>) - You can now set a default attribute value for SELECT, RADIO types on UI (<#6474>) - \[SDK\] `cvat_sdk.datasets`, is now available, providing a framework-agnostic alternative to `cvat_sdk.pytorch` (<#6428>) - We've introduced analytics for Jobs, Tasks, and Project (<#6371>) ### Changed - \[Helm\] In Helm, we've added a configurable default storage option to the chart (<#6137>) ### Removed - \[Helm\] In Helm, we've eliminated the obligatory use of hardcoded traefik ingress (<#6137>) ### Fixed - Fixed an issue with calculating the number of objects on the annotation view when frames are deleted (<#6493>) - \[SDK\] In SDK, we've fixed the issue with creating attributes with blank default values (<#6454>) - \[SDK\] We've corrected a problem in SDK where it was altering input data in models (<#6455>) - Fixed exporting of hash for shapes and tags in a specific corner case (<#6517>) - Resolved the issue where 3D jobs couldn't be opened in validation mode (<#6507>) - Fixed SAM plugin (403 code for workers in organizations) (<#6514>) - Fixed the issue where initial frame from query parameter was not opening specific frame in a job (<#6506>) - Corrected the issue with the removal of the first keyframe (<#6494>) - Fixed the display of project previews on small screens and updated stylelint & rules (<#6551>) - Implemented server-side validation for attribute specifications (<#6447>) - \[API\] Fixed API issue related to file downloading failures for filenames with special characters (<#6492>) - \[Helm\] In Helm, we've resolved an issue with multiple caches in the same RWX volume, which was preventing db migration from starting (<#6137>) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Anastasia Yasakova <[email protected]> Co-authored-by: yasakova-anastasia <[email protected]> Co-authored-by: Roman Donchenko <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Boris Sekachev <[email protected]> Co-authored-by: Maxim Zhiltsov <[email protected]> Co-authored-by: Kirill Sizov <[email protected]> Co-authored-by: Nikita Manovich <[email protected]> Co-authored-by: Mariia Acoca <[email protected]> Co-authored-by: Kirill Lakhov <[email protected]> Co-authored-by: Michael Kirpichev <[email protected]> Co-authored-by: Michael Kirpichev <[email protected]> Co-authored-by: Boris Sekachev <[email protected]>
## \[2.5.2\] - 2023-07-27 ### Added - We've added support for multi-line text attributes (<cvat-ai#6458>) - You can now set a default attribute value for SELECT, RADIO types on UI (<cvat-ai#6474>) - \[SDK\] `cvat_sdk.datasets`, is now available, providing a framework-agnostic alternative to `cvat_sdk.pytorch` (<cvat-ai#6428>) - We've introduced analytics for Jobs, Tasks, and Project (<cvat-ai#6371>) ### Changed - \[Helm\] In Helm, we've added a configurable default storage option to the chart (<cvat-ai#6137>) ### Removed - \[Helm\] In Helm, we've eliminated the obligatory use of hardcoded traefik ingress (<cvat-ai#6137>) ### Fixed - Fixed an issue with calculating the number of objects on the annotation view when frames are deleted (<cvat-ai#6493>) - \[SDK\] In SDK, we've fixed the issue with creating attributes with blank default values (<cvat-ai#6454>) - \[SDK\] We've corrected a problem in SDK where it was altering input data in models (<cvat-ai#6455>) - Fixed exporting of hash for shapes and tags in a specific corner case (<cvat-ai#6517>) - Resolved the issue where 3D jobs couldn't be opened in validation mode (<cvat-ai#6507>) - Fixed SAM plugin (403 code for workers in organizations) (<cvat-ai#6514>) - Fixed the issue where initial frame from query parameter was not opening specific frame in a job (<cvat-ai#6506>) - Corrected the issue with the removal of the first keyframe (<cvat-ai#6494>) - Fixed the display of project previews on small screens and updated stylelint & rules (<cvat-ai#6551>) - Implemented server-side validation for attribute specifications (<cvat-ai#6447>) - \[API\] Fixed API issue related to file downloading failures for filenames with special characters (<cvat-ai#6492>) - \[Helm\] In Helm, we've resolved an issue with multiple caches in the same RWX volume, which was preventing db migration from starting (<cvat-ai#6137>) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Anastasia Yasakova <[email protected]> Co-authored-by: yasakova-anastasia <[email protected]> Co-authored-by: Roman Donchenko <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Boris Sekachev <[email protected]> Co-authored-by: Maxim Zhiltsov <[email protected]> Co-authored-by: Kirill Sizov <[email protected]> Co-authored-by: Nikita Manovich <[email protected]> Co-authored-by: Mariia Acoca <[email protected]> Co-authored-by: Kirill Lakhov <[email protected]> Co-authored-by: Michael Kirpichev <[email protected]> Co-authored-by: Michael Kirpichev <[email protected]> Co-authored-by: Boris Sekachev <[email protected]>
Control characters in filenames may conflict with the Content-Disposition header value restrictions, as it needs to include the downloaded file name. The problem is that many tools (including sendfile) just check for ascii/unicode conversion, while there are also ascii chars that can't be used. Ref: RFC 8178 This PR adds extra cleanup for downloaded file names. Added a custom replacement for the sendfile() function
- We've added support for multi-line text attributes (<cvat-ai#6458>) - You can now set a default attribute value for SELECT, RADIO types on UI (<cvat-ai#6474>) - \[SDK\] `cvat_sdk.datasets`, is now available, providing a framework-agnostic alternative to `cvat_sdk.pytorch` (<cvat-ai#6428>) - We've introduced analytics for Jobs, Tasks, and Project (<cvat-ai#6371>) - \[Helm\] In Helm, we've added a configurable default storage option to the chart (<cvat-ai#6137>) - \[Helm\] In Helm, we've eliminated the obligatory use of hardcoded traefik ingress (<cvat-ai#6137>) - Fixed an issue with calculating the number of objects on the annotation view when frames are deleted (<cvat-ai#6493>) - \[SDK\] In SDK, we've fixed the issue with creating attributes with blank default values (<cvat-ai#6454>) - \[SDK\] We've corrected a problem in SDK where it was altering input data in models (<cvat-ai#6455>) - Fixed exporting of hash for shapes and tags in a specific corner case (<cvat-ai#6517>) - Resolved the issue where 3D jobs couldn't be opened in validation mode (<cvat-ai#6507>) - Fixed SAM plugin (403 code for workers in organizations) (<cvat-ai#6514>) - Fixed the issue where initial frame from query parameter was not opening specific frame in a job (<cvat-ai#6506>) - Corrected the issue with the removal of the first keyframe (<cvat-ai#6494>) - Fixed the display of project previews on small screens and updated stylelint & rules (<cvat-ai#6551>) - Implemented server-side validation for attribute specifications (<cvat-ai#6447>) - \[API\] Fixed API issue related to file downloading failures for filenames with special characters (<cvat-ai#6492>) - \[Helm\] In Helm, we've resolved an issue with multiple caches in the same RWX volume, which was preventing db migration from starting (<cvat-ai#6137>) --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Anastasia Yasakova <[email protected]> Co-authored-by: yasakova-anastasia <[email protected]> Co-authored-by: Roman Donchenko <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Boris Sekachev <[email protected]> Co-authored-by: Maxim Zhiltsov <[email protected]> Co-authored-by: Kirill Sizov <[email protected]> Co-authored-by: Nikita Manovich <[email protected]> Co-authored-by: Mariia Acoca <[email protected]> Co-authored-by: Kirill Lakhov <[email protected]> Co-authored-by: Michael Kirpichev <[email protected]> Co-authored-by: Michael Kirpichev <[email protected]> Co-authored-by: Boris Sekachev <[email protected]>
Motivation and context
Control characters in filenames may conflict with the
Content-Disposition
headervalue restrictions, as it needs to include the downloaded file name. The problem is
that many tools (including sendfile) just check for ascii/unicode conversion,
while there are also ascii chars that can't be used.
Ref: RFC 8178
This PR adds extra cleanup for downloaded file names.
sendfile()
functionHow has this been tested?
Unit test
Checklist
develop
branch(cvat-canvas,
cvat-core,
cvat-data and
cvat-ui)
License
Feel free to contact the maintainers if that's a concern.