
Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.

Thanks to Dennis Brinkrolf for the report.
Florian Apolloner
2021-12-17 21:07:50 +01:00
committed by Carlton Gibson
parent 761f449e0d
commit 6d343d01c5
6 changed files with 42 additions and 7 deletions


@@ -298,6 +298,12 @@ class FileStorageTests(SimpleTestCase):
self.storage.delete('path/to/test.file')
def test_file_save_abs_path(self):
test_name = 'path/to/test.file'
f = ContentFile('file saved with path')
f_name = self.storage.save(os.path.join(self.temp_dir, test_name), f)
self.assertEqual(f_name, test_name)
@unittest.skipUnless(symlinks_supported(), 'Must be able to symlink to run this test.')
def test_file_save_broken_symlink(self):
"""A new path is created on save when a broken symlink is supplied."""
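Review bot: `test_file_save_abs_path` pins only the accepted case, an absolute name that resolves inside `self.temp_dir`, and it has no docstring saying that this is the intent. For a path-traversal fix the rejection side is the one worth pinning as well: an absolute name outside the storage location should be asserted to fail. Such a test may live in the other changed files of this commit, which are not visible here. I would add a docstring such as `"""An absolute path inside the storage location is saved and returned relative to it."""`. The test above it ends with `self.storage.delete('path/to/test.file')`, while this one leaves the saved file behind, so unless tearDown removes `temp_dir` a `self.addCleanup(self.storage.delete, f_name)` after the save would keep it from leaking into later tests.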