File upload in IE

[matjazp]

I have strange problem uploading files with international names in Internet Explorer. I have a file č.txt 

Name: Latin Small Letter C With Caron

Unicode Code Point: U+010D

Unicode Character: č

Decimal NCRs: č

Hexadecimal NCRs: č

UTF-8 Code: C4 8D

Escaped Unicode: \u010D

Category: Latin Extended-A

When file is uploaded in Chrome or FF, letter č is sanitized to c, that is expected result. When I upload the file in IE, č is "sanitized" to a. So, I enabled tracing and also echoed the values coming into validateFilename function in WireUpload.php. This is what I found.

In FF or Chrome "č.txt" is 196, 141, 46, 116, 120, 116. 46 = ".", 116 = "t", 120 = "x". 196 and 141 are C4 and 8D hex, that is UTF-8 encoding. This is expected result. In tracelog: X-FILENAME: %C4%8D.txt

In IE "č.txt" is 195, 132, 194, 141, 46, 116, 120, 116. Again 46 = ".", 116 = "t", 120 = "x". But where did 195 (C3), 132 (84), 194 (C2), 141 (8D) come from? In tracelog: X-FILENAME: %C3%84%C2%8D.txt

So IE is sending file name in different encoding or what?

Edited October 31, 2015 by LostKobrakai
Moved to Dev Talk

[matjazp]

Update: found it! It's unescape() function in the InputFieldFile.js:

xhr.setRequestHeader("X-FILENAME", unescape(encodeURIComponent(file.name)));

If you omit the encodeURIComponent, IE behaves as Chrome and FF:

xhr.setRequestHeader("X-FILENAME", unescape(file.name));

Edited November 1, 2015 by matjazp

[matjazp]

Update: I think I found solution.

In InputFieldFile.js replaced 

xhr.setRequestHeader("X-FILENAME", unescape(encodeURIComponent(file.name)));

to

xhr.setRequestHeader("X-FILENAME", encodeURIComponent(file.name));

and then in WireUpload.php (line 134) replaced

if(!$filename = $_SERVER['HTTP_X_FILENAME']) return false; 

with

if(!$filename = rawurldecode($_SERVER['HTTP_X_FILENAME'])) return false;