-
Notifications
You must be signed in to change notification settings - Fork 310
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
filename '.ext'
seen as a valid file extension
#465
Comments
Mhm I though a little more on this an my solution would not allow e.g. |
If the filename is |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using
flask_wtf.file.FileAllowed
to validate that a file has the correct file extension, a file named'.ext'
is seen as having the correct file extension. For me this behavior was a little unexpected and I was wondering if this is intentional/correct..ext
so it is validos.path.splitext('.ext')
returns('.ext', '')
so it treats it as the filename, not the extension. Would it be consistent/more correct to replace the.endswith
here with a comparision toos.path.splitext()[1]
?flask-wtf/src/flask_wtf/file.py
Line 84 in 6d2fcde
a fix could be something like this maybe?:
https://github.com/theendlessriver13/flask-wtf/blob/741aa2ed138e3b821b364b41496d4af91aec1e9b/src/flask_wtf/file.py#L84-L87
Any thoughts on this? I think an (explicit) workaround would be to add a separate custom validator checking the filename itself?
The text was updated successfully, but these errors were encountered: