From f2c665028195c03d90533a0fa9d22498875969c5 Mon Sep 17 00:00:00 2001
From: Robert Kirberich <kirberich@potatolondon.com>
Date: Tue, 29 Nov 2016 11:06:21 +0000
Subject: [PATCH] Replaces django's extended unquote function with urlunquote

This avoids wrongly unescaping characters that aren't escaped by the browser, like underscores.
---
 filer/admin/folderadmin.py |  4 ++--
 filer/tests/admin.py       | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/filer/admin/folderadmin.py b/filer/admin/folderadmin.py
index 7aa4520e9..f636c4ff8 100644
--- a/filer/admin/folderadmin.py
+++ b/filer/admin/folderadmin.py
@@ -19,7 +19,7 @@
 from django.shortcuts import get_object_or_404, render
 from django.utils.encoding import force_text
 from django.utils.html import escape
-from django.utils.http import urlquote
+from django.utils.http import urlquote, urlunquote
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
 from django.utils.translation import ugettext_lazy, ungettext
@@ -287,7 +287,7 @@ def directory_listing(self, request, folder_id=None, viewtype=None):
         # search
         q = request.GET.get('q', None)
         if q:
-            search_terms = unquote(q).split(" ")
+            search_terms = urlunquote(q).split(" ")
             search_mode = True
         else:
             search_terms = []
diff --git a/filer/tests/admin.py b/filer/tests/admin.py
index 7423ff8ac..15f309ac0 100644
--- a/filer/tests/admin.py
+++ b/filer/tests/admin.py
@@ -887,6 +887,29 @@ class DontSearchOwnerEmailFolderAdmin(FolderAdmin):
         folder_qs = folderadmin.filter_folder(Folder.objects.all(), ['joe@mata.com'])
         self.assertEqual(len(folder_qs), 0)
 
+    def test_search_special_characters(self):
+        """ 
+        Regression test for https://github.com/divio/django-filer/pull/945.
+        Because of a wrong unquoting function being used, searches with 
+        some "_XX" sequences got unquoted as unicode characters.
+        For example, "_ec" gets unquoted as u'ì'.
+        """
+        url = reverse('admin:filer-directory_listing',
+                      kwargs={'folder_id': self.parent.id})
+
+        # Create a file with a problematic filename
+        problematic_file = django.core.files.base.ContentFile('some data')
+        filename = u'christopher_eccleston'
+        problematic_file.name = filename
+        self.spam_file = File.objects.create(
+            owner=self.staff_user, original_filename=filename,
+            file=problematic_file, folder=self.parent)
+
+        # Valid search for the filename, should have one result
+        response = self.client.get(url, {'q': filename})
+        item_list = response.context['paginated_items'].object_list
+        self.assertEqual(len(item_list), 1)
+
 
 class FilerAdminContextTests(TestCase, BulkOperationsMixin):
     def setUp(self):