mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	Fixed #4947 -- Avoid displaying uploaded file contents in the debug web page. Based on a patch from eibaan@gmail.com.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5874 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		
							
								
								
									
										1
									
								
								AUTHORS
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								AUTHORS
									
									
									
									
									
								
							| @@ -101,6 +101,7 @@ answer newbie questions, and generally made Django that much better: | |||||||
|     dusk@woofle.net |     dusk@woofle.net | ||||||
|     Andy Dustman <farcepest@gmail.com> |     Andy Dustman <farcepest@gmail.com> | ||||||
|     Clint Ecker |     Clint Ecker | ||||||
|  |     eibaan@gmail.com | ||||||
|     enlight |     enlight | ||||||
|     Enrico <rico.bl@gmail.com> |     Enrico <rico.bl@gmail.com> | ||||||
|     A. Murat Eren <meren@pardus.org.tr> |     A. Murat Eren <meren@pardus.org.tr> | ||||||
|   | |||||||
| @@ -2,7 +2,7 @@ import os | |||||||
| from Cookie import SimpleCookie | from Cookie import SimpleCookie | ||||||
| from pprint import pformat | from pprint import pformat | ||||||
| from urllib import urlencode | from urllib import urlencode | ||||||
| from django.utils.datastructures import MultiValueDict | from django.utils.datastructures import MultiValueDict, FileDict | ||||||
| from django.utils.encoding import smart_str, iri_to_uri, force_unicode | from django.utils.encoding import smart_str, iri_to_uri, force_unicode | ||||||
|  |  | ||||||
| RESERVED_CHARS="!*'();:@&=+$,/?%#[]" | RESERVED_CHARS="!*'();:@&=+$,/?%#[]" | ||||||
| @@ -88,11 +88,11 @@ def parse_file_upload(header_dict, post_data): | |||||||
|                 # directory separator, which may not be the same as the |                 # directory separator, which may not be the same as the | ||||||
|                 # client's one.) |                 # client's one.) | ||||||
|                 filename = name_dict['filename'][name_dict['filename'].rfind("\\")+1:] |                 filename = name_dict['filename'][name_dict['filename'].rfind("\\")+1:] | ||||||
|                 FILES.appendlist(name_dict['name'], { |                 FILES.appendlist(name_dict['name'], FileDict({ | ||||||
|                     'filename': filename, |                     'filename': filename, | ||||||
|                     'content-type': 'Content-Type' in submessage and submessage['Content-Type'] or None, |                     'content-type': 'Content-Type' in submessage and submessage['Content-Type'] or None, | ||||||
|                     'content': submessage.get_payload(), |                     'content': submessage.get_payload(), | ||||||
|                 }) |                 })) | ||||||
|             else: |             else: | ||||||
|                 POST.appendlist(name_dict['name'], submessage.get_payload()) |                 POST.appendlist(name_dict['name'], submessage.get_payload()) | ||||||
|     return POST, FILES |     return POST, FILES | ||||||
|   | |||||||
| @@ -267,3 +267,16 @@ class DotExpandedDict(dict): | |||||||
|                 current[bits[-1]] = v |                 current[bits[-1]] = v | ||||||
|             except TypeError: # Special-case if current isn't a dict. |             except TypeError: # Special-case if current isn't a dict. | ||||||
|                 current = {bits[-1] : v} |                 current = {bits[-1] : v} | ||||||
|  |  | ||||||
|  | class FileDict(dict): | ||||||
|  |     """ | ||||||
|  |     A dictionary used to hold uploaded file contents. The only special feature | ||||||
|  |     here is that repr() of this object won't dump the entire contents of the | ||||||
|  |     file to the output. A handy safeguard for a large file upload. | ||||||
|  |     """ | ||||||
|  |     def __repr__(self): | ||||||
|  |         if 'content' in self: | ||||||
|  |             d = dict(self, content='<omitted>') | ||||||
|  |             return dict.__repr__(d) | ||||||
|  |         return dict.__repr__(self) | ||||||
|  |  | ||||||
|   | |||||||
| @@ -64,4 +64,13 @@ True | |||||||
| ['Holovaty'] | ['Holovaty'] | ||||||
| >>> d['person']['2']['firstname'] | >>> d['person']['2']['firstname'] | ||||||
| ['Adrian'] | ['Adrian'] | ||||||
|  |  | ||||||
|  | ### FileDict ################################################################ | ||||||
|  |  | ||||||
|  | >>> d = FileDict({'content': 'once upon a time...'}) | ||||||
|  | >>> repr(d) | ||||||
|  | "{'content': '<omitted>'}" | ||||||
|  | >>> d = FileDict({'other-key': 'once upon a time...'}) | ||||||
|  | >>> repr(d) | ||||||
|  | "{'other-key': 'once upon a time...'}" | ||||||
| """ | """ | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user