From 42b7584068e51a58d2bfe76729fe039fe7f6a7cf Mon Sep 17 00:00:00 2001
From: Shadowfacts <me@shadowfacts.net>
Date: Mon, 14 Jan 2019 11:31:44 -0500
Subject: [PATCH 1/2] URI escape file upload URLs

---
 lib/pleroma/upload.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pleroma/upload.ex b/lib/pleroma/upload.ex
index 0b1bdeec4..185ba25fa 100644
--- a/lib/pleroma/upload.ex
+++ b/lib/pleroma/upload.ex
@@ -215,7 +215,7 @@ defmodule Pleroma.Upload do
   end
 
   defp url_from_spec(base_url, {:file, path}) do
-    [base_url, "media", path]
+    [base_url, "media", URI.encode(path)]
     |> Path.join()
   end
 

From dcbe5bd58ccb1068d17ba15703169593d4bbb393 Mon Sep 17 00:00:00 2001
From: Shadowfacts <me@shadowfacts.net>
Date: Mon, 14 Jan 2019 13:29:38 -0500
Subject: [PATCH 2/2] Add attachment escaping test

---
 test/upload_test.exs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/test/upload_test.exs b/test/upload_test.exs
index d4ea3a573..bda503361 100644
--- a/test/upload_test.exs
+++ b/test/upload_test.exs
@@ -137,5 +137,20 @@ defmodule Pleroma.UploadTest do
 
       refute data["name"] == "an [image.jpg"
     end
+
+    test "escapes invalid characters in url" do
+      File.cp!("test/fixtures/image.jpg", "test/fixtures/image_tmp.jpg")
+
+      file = %Plug.Upload{
+        content_type: "image/jpg",
+        path: Path.absname("test/fixtures/image_tmp.jpg"),
+        filename: "an… image.jpg"
+      }
+
+      {:ok, data} = Upload.store(file)
+      [attachment_url | _] = data["url"]
+
+      assert Path.basename(attachment_url["href"]) == "an%E2%80%A6%20image.jpg"
+    end
   end
 end