Replaces django's extended unquote function with urlunquote

This avoids wrongly unescaping characters that aren't escaped by the browser, like underscores.
django-cms · Nov 29, 2016 · f2c6650 · f2c6650
1 parent 5b90ef9
commit f2c6650
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/filer/admin/folderadmin.py b/filer/admin/folderadmin.py
@@ -19,7 +19,7 @@
 from django.shortcuts import get_object_or_404, render
 from django.utils.encoding import force_text
 from django.utils.html import escape
-from django.utils.http import urlquote
+from django.utils.http import urlquote, urlunquote
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
 from django.utils.translation import ugettext_lazy, ungettext
@@ -287,7 +287,7 @@ def directory_listing(self, request, folder_id=None, viewtype=None):
         # search
         q = request.GET.get('q', None)
         if q:
-            search_terms = unquote(q).split(" ")
+            search_terms = urlunquote(q).split(" ")
             search_mode = True
         else:
             search_terms = []

diff --git a/filer/tests/admin.py b/filer/tests/admin.py
@@ -887,6 +887,29 @@ class DontSearchOwnerEmailFolderAdmin(FolderAdmin):
         folder_qs = folderadmin.filter_folder(Folder.objects.all(), ['[email protected]'])
         self.assertEqual(len(folder_qs), 0)
 
+    def test_search_special_characters(self):
+        """ 
+        Regression test for https://github.com/divio/django-filer/pull/945.
+        Because of a wrong unquoting function being used, searches with 
+        some "_XX" sequences got unquoted as unicode characters.
+        For example, "_ec" gets unquoted as u'ì'.
+        """
+        url = reverse('admin:filer-directory_listing',
+                      kwargs={'folder_id': self.parent.id})
+
+        # Create a file with a problematic filename
+        problematic_file = django.core.files.base.ContentFile('some data')
+        filename = u'christopher_eccleston'
+        problematic_file.name = filename
+        self.spam_file = File.objects.create(
+            owner=self.staff_user, original_filename=filename,
+            file=problematic_file, folder=self.parent)
+
+        # Valid search for the filename, should have one result
+        response = self.client.get(url, {'q': filename})
+        item_list = response.context['paginated_items'].object_list
+        self.assertEqual(len(item_list), 1)
+
 
 class FilerAdminContextTests(TestCase, BulkOperationsMixin):
     def setUp(self):