fixed uploading of favicons: allowed only extension of type .ico and allowed upload of files with names that have spaces

4 files changed, 14 insertions, 5 deletions

diff --git a/.gitignore b/.gitignore
index ce223938..98ad33f6 100755
--- a/.gitignore
+++ b/.gitignore
@@ -33,6 +33,7 @@ askbot/upfiles/*.jpg
 askbot/upfiles/*.jpeg
 askbot/upfiles/*.gif
 askbot/upfiles/*.png
+askbot/upfiles/*.ico
 askbot/upfiles/avatars/
 askbot/skins/common/media/mathjax/
 /jinja2
diff --git a/askbot/conf/skin_general_settings.py b/askbot/conf/skin_general_settings.py
index bbe5e22d..b90d3de5 100644
--- a/askbot/conf/skin_general_settings.py
+++ b/askbot/conf/skin_general_settings.py
@@ -57,8 +57,9 @@ settings.register(
                         'at <a href="%(favicon_info_url)s">this page</a>.'
                     ) % {'favicon_info_url': const.DEPENDENCY_URLS['favicon']},
         upload_directory = django_settings.ASKBOT_FILE_UPLOAD_DIR,
+        allowed_file_extensions = ('ico',),#only allow .ico files
         upload_url = '/' + django_settings.ASKBOT_UPLOADED_FILES_URL,
-        default = '/m/default/media/images/favicon.gif',
+        default = '/images/favicon.gif',
         url_resolver = skin_utils.get_media_url
     )
 )
diff --git a/askbot/deps/livesettings/values.py b/askbot/deps/livesettings/values.py
index 6d994410..740d9884 100644
--- a/askbot/deps/livesettings/values.py
+++ b/askbot/deps/livesettings/values.py
@@ -567,6 +567,10 @@ class LongStringValue(Value):
 class ImageValue(StringValue):
 
     def __init__(self, *args, **kwargs):
+        self.allowed_file_extensions = kwargs.pop(
+            'allowed_file_extensions',
+            ('jpg', 'gif', 'png')
+        )
         self.upload_directory = kwargs.pop('upload_directory')
         self.upload_url = kwargs.pop('upload_url')
         self.url_resolver = kwargs.pop('url_resolver', None)
@@ -575,6 +579,7 @@ class ImageValue(StringValue):
     class field(forms.FileField):
         def __init__(self, *args, **kwargs):
             kwargs['required'] = False
+            self.allowed_file_extensions = kwargs.pop('allowed_file_extensions')
             url_resolver = kwargs.pop('url_resolver')
             kwargs['widget'] = ImageInput(url_resolver = url_resolver)
             forms.FileField.__init__(self, *args, **kwargs)
@@ -583,14 +588,15 @@ class ImageValue(StringValue):
             if not file_data and initial:
                 return initial
             (base_name, ext) = os.path.splitext(file_data.name)
-            image_extensions = ('.jpg', '.gif', '.png')
-            if ext.lower() not in image_extensions:
+            #first character in ext is .
+            if ext[1:].lower() not in self.allowed_file_extensions:
                 error_message = _('Allowed image file types are %(types)s') \
-                        % {'types': ', '.join(image_extensions)}
+                        % {'types': ', '.join(self.allowed_file_extensions)}
                 raise forms.ValidationError(error_message)
 
     def make_field(self, **kwargs):
         kwargs['url_resolver'] = self.url_resolver
+        kwargs['allowed_file_extensions'] = self.allowed_file_extensions
         return super(StringValue, self).make_field(**kwargs)
 
     def update(self, uploaded_file):
diff --git a/askbot/skins/utils.py b/askbot/skins/utils.py
index 1f2148e6..7eaeb304 100644
--- a/askbot/skins/utils.py
+++ b/askbot/skins/utils.py
@@ -7,6 +7,7 @@ the lookup resolution process for templates and media works as follows:
 """
 import os
 import logging
+import urllib
 from django.conf import settings as django_settings
 from django.utils.datastructures import SortedDict
 
@@ -93,7 +94,7 @@ def get_media_url(url, ignore_missing = False):
     """
     #import datetime
     #before = datetime.datetime.now()
-    url = unicode(url)
+    url = urllib.unquote(unicode(url))
     while url[0] == '/': url = url[1:]
     #todo: handles case of multiple skin directories