How Python solves secure_ Filename does not support Chinese

Time:2021-11-26
catalogue
  • 1、 Recently used secure_ Problems found by filename
  • 2、 The reason was found later
  • 3、 Solution
  • 4、 Effect display

Security has been used recently_ Filename, and then tragically found that Chinese was not displayed, so I slowly debugged and finally found the problem.

1、 Recently used secure_ Problems found by filename

The file name is in Chinese. Unfortunately, Chinese and other special characters will be omitted.

2、 The reason was found later

Original secure_ The filename() function only returns ASCII characters, and non ASCII characters are filtered out.

3、 Solution

Secure found_ Filename (filename) function, modify its source code. 

secure_ Filename (filename) function source code:
def secure_filename(filename: str) -> str:
    r"""Pass it a filename and it will return a secure version of it.  This
    filename can then safely be stored on a regular file system and passed
    to :func:`os.path.join`.  The filename returned is an ASCII only string
    for maximum portability.

    On windows systems the function also makes sure that the file is not
    named after one of the special device files.

    >>> secure_filename("My cool movie.mov")
    'My_cool_movie.mov'
    >>> secure_filename("../../../etc/passwd")
    'etc_passwd'
    >>> secure_filename('i contain cool \xfcml\xe4uts.txt')
    'i_contain_cool_umlauts.txt'

    The function might return an empty filename.  It's your responsibility
    to ensure that the filename is unique and that you abort or
    generate a random filename if the function returned an empty one.

    .. versionadded:: 0.5

    :param filename: the filename to secure
    """
    filename = unicodedata.normalize("NFKD", filename)
    filename = filename.encode("ascii", "ignore").decode("ascii")

    for sep in os.path.sep, os.path.altsep:
        if sep:
            filename = filename.replace(sep, " ")
    filename = str(_filename_ascii_strip_re.sub("", "_".join(filename.split()))).strip(
        "._"
    )

    # on nt a couple of special files are present in each folder.  We
    # have to ensure that the target file is not such a filename.  In
    # this case we prepend an underline
    if (
        os.name == "nt"
        and filename
        and filename.split(".")[0].upper() in _windows_device_files
    ):
        filename = f"_{filename}"

    return filename

secure_ Modified code of filename (filename) function: 

def secure_filename(filename: str) -> str:
    r"""Pass it a filename and it will return a secure version of it.  This
    filename can then safely be stored on a regular file system and passed
    to :func:`os.path.join`.  The filename returned is an ASCII only string
    for maximum portability.

    On windows systems the function also makes sure that the file is not
    named after one of the special device files.

    >>> secure_filename("My cool movie.mov")
    'My_cool_movie.mov'
    >>> secure_filename("../../../etc/passwd")
    'etc_passwd'
    >>> secure_filename('i contain cool \xfcml\xe4uts.txt')
    'i_contain_cool_umlauts.txt'

    The function might return an empty filename.  It's your responsibility
    to ensure that the filename is unique and that you abort or
    generate a random filename if the function returned an empty one.

    .. versionadded:: 0.5

    :param filename: the filename to secure
    """
    filename = unicodedata.normalize("NFKD", filename)
    Filename = filename. Encode ("utf8", "ignore"). Decode ("utf8") # encoding format changed

    for sep in os.path.sep, os.path.altsep:
        if sep:
            filename = filename.replace(sep, " ")
    _filename_ascii_add_strip_re = re.compile(r'[^A-Za-z0-9_\u4E00-\u9FBF\u3040-\u30FF\u31F0-\u31FF.-]')
    Filename = str (_filename_ascii_add_strip_re. Sub ('', ''. Join (filename. Split())))). Strip ('.') # add new rule

    # on nt a couple of special files are present in each folder.  We
    # have to ensure that the target file is not such a filename.  In
    # this case we prepend an underline
    if (
        os.name == "nt"
        and filename
        and filename.split(".")[0].upper() in _windows_device_files
    ):
        filename = f"_{filename}"

    return filename

4、 Effect display

We clearly see the effect. At present, it supports Chinese

This is how Python solves secure_ That’s all for the article filename does not support Chinese. More about Python secure_ Filename does not support Chinese content. Please search the previous articles of developeppaer or continue to browse the relevant articles below. I hope you will support developeppaer in the future!

Tags: , , ,

Recommended Today

Vue. Extend application for creating dynamic components

When using Ant Design Vue, I found a message pop-up window that can be called directly as follows: this.$info({ title: ‘This is a notification message’, content:’some messages…some messages…’ onOk() {}, }); Popup Then I was thinking, can I also encapsulate such a component, instead of importing the component written in advance every time, and call […]