Cannot stream upload containing '%` in its filename
Steps to reproduce
What happens / What is expected ?
The file fails to play because the API answers 404. NginX logs typically report:
2019/09/23 19:20:52 [error] 362#362: *28968 open() "/music/Kaytranada/99.9/05 Drive Me Crazy.flac" failed (2: No such file or directory), client: 172.17.0.1, server: _, request: "GET /api/v1/listen/7d0deaf2-819b-4fa7-ba04-f918ab80ddb3/?upl oad=a9dda866-d219-4bda-9ac7-38b76b51ecc9&jwt=XD HTTP/1.1", upstream: "http://127.0.0.1:8000/api/v1/listen/7d0deaf2-819b-4fa7-ba04-f918ab80ddb3/?upload=a9dda866-d219-4bda-9ac7-38b76b51ecc9&jwt=XD", host: "funkwhale.theof.fr", referrer: "https://funkwhale.theof.fr/library/artists/29/"
I checked in Django admin the path for that upload, and it seems correct (
/music/Kaytranada/99.9%/05 Drive Me Crazy.flac) which makes me believe some sort of escaping for the `%' character is not done properly before passing that path to NginX.
Hence I'm marking this as confidential as I guess it might be a security issue ? but have'nt done further research.
By the way I would love to hear how you tell NginX to send a file from the API :)
Funkwhale version(s) affected: 0.19.0
love your work, you're awesome ! :)