Natalia 
							
						 
					 
					
						
						
							
						
						9f4f63e9eb 
					 
					
						
						
							
							[5.0.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.  
						
						
						
						
						Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews. 
						
						
					 
					
						2024-07-09 10:03:32 -03:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						0379e7532f 
					 
					
						
						
							
							[5.0.x] Applied Black's 2024 stable style.  
						
						
						
						
						https://github.com/psf/black/releases/tag/24.1.0 
Backport of 305757aec1 
					
						2024-01-26 12:55:56 +01:00 
						 
				 
			
				
					
						
							
							
								Jarosław Wygoda 
							
						 
					 
					
						
						
							
						
						32940d390a 
					 
					
						
						
							
							Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.
						
						
						
						
					 
					
						2023-01-12 09:58:36 +01:00 
						 
				 
			
				
					
						
							
							
								Francesco Panico 
							
						 
					 
					
						
						
							
						
						72efd840a8 
					 
					
						
						
							
							Fixed #34110 -- Added in-memory file storage.
						
						
						
						Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews. 
						
						
					 
					
						2023-01-10 10:56:59 +01:00 
						 
				 
			
				
					
						
							
							
								Francesco Panico 
							
						 
					 
					
						
						
							
						
						c179ad9fe7 
					 
					
						
						
							
							Refs #34100 -- Made file upload tests use Storage.exists() where appropriate.
						
						
						
						
					 
					
						2022-12-30 13:28:47 +01:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
							
						
						9bd174b9a7 
					 
					
						
						
							
							Updated documentation and comments for RFC updates.  
						
						
						
						
						- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents 
						
						
					 
					
						2022-11-10 13:52:17 +01:00 
						 
				 
			
				
					
						
							
							
								Mehrdad 
							
						 
					 
					
						
						
							
						
						d4d5427571 
					 
					
						
						
							
							Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing boundary streams.
						
						
						
						This also removes unused parse_header() and _parse_header_params()
helpers in django.http.multipartparser. 
						
						
					 
					
						2022-06-28 09:42:47 +02:00 
						 
				 
			
				
					
						
							
							
								Mehrdad 
							
						 
					 
					
						
						
							
						
						93cedc82f2 
					 
					
						
						
							
							Refs #33697 -- Fixed multipart parsing of headers with double quotes and semicolons.
						
						
						
						See 1ef0c0349e 
						
						
					 
					
						2022-06-01 10:11:07 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						7119f40c98 
					 
					
						
						
							
							Refs #33476 -- Refactored code to strictly match 88 characters line length.
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								django-bot 
							
						 
					 
					
						
						
							
						
						9c19aff7c7 
					 
					
						
						
							
							Refs #33476 -- Reformatted code with Black.
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						c5cd878382 
					 
					
						
						
							
							Refs #33476 -- Refactored problematic code before reformatting by Black.
						
						
						
						In these cases Black produces unexpected results, e.g.
def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):
or
cursor.execute("""
SELECT ...
""",
    [table name],
) 
						
						
					 
					
						2022-02-03 11:20:46 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						fc18f36c4a 
					 
					
						
						
							
							Fixed CVE-2022-23833 -- Fixed DoS possibility in file uploads.
						
						
						
						Thanks Alan Ryan for the report and initial patch. 
						
						
					 
					
						2022-02-01 07:41:40 +01:00 
						 
				 
			
				
					
						
							
							
								Hrushikesh Vaidya 
							
						 
					 
					
						
						
							
						
						3fadf141e6 
					 
					
						
						
							
							Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.
						
						
						
						
					 
					
						2022-01-20 07:19:52 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						1ff0ea6e9b 
					 
					
						
						
							
							Fixed isolation of test_filename_traversal_upload().  
						
						
						
						
						shutil.rmtree(MEDIA_ROOT) is already called as a class cleanup. 
						
						
					 
					
						2021-07-05 12:05:13 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						213850b4b9 
					 
					
						
						
							
							Refs #32355 -- Used addClassCleanup() in tests.
						
						
						
						Inspired by Adam Johnson's talk at DjangoCon Europe 2021.
						
						
					 
					
						2021-06-04 12:53:11 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						0b79eb3691 
					 
					
						
						
							
							Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.  
						
						
						
						
					 
					
						2021-05-04 08:44:42 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						d4d800ca1a 
					 
					
						
						
							
							Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.  
						
						
						
						
						Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report. 
						
						
					 
					
						2021-04-06 08:15:17 +02:00 
						 
				 
			
				
					
						
							
							
								aryan 
							
						 
					 
					
						
						
							
						
						11c4a4412b 
					 
					
						
						
							
							Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
						
						
						
						This patch allows upload handlers to handle interrupted uploads.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
						
						
					 
					
						2020-09-30 10:30:43 +02:00 
						 
				 
			
				
					
						
							
							
								aryan 
							
						 
					 
					
						
						
							
						
						21b127bfbc 
					 
					
						
						
							
							Refs #30422 -- Added test for removing temporary files in MultiPartParser when StopUpload is raised.
						
						
						
						
					 
					
						2020-09-30 10:29:08 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Brown 
							
						 
					 
					
						
						
							
						
						36db4dd937 
					 
					
						
						
							
							Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.
						
						
						
						
					 
					
						2020-06-11 08:46:59 +02:00 
						 
				 
			
				
					
						
							
							
								007 
							
						 
					 
					
						
						
							
						
						e65fea9292 
					 
					
						
						
							
							Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.
						
						
						
						
					 
					
						2020-02-28 14:43:16 +01:00 
						 
				 
			
				
					
						
							
							
								Nick Pope 
							
						 
					 
					
						
						
							
						
						7552de7866 
					 
					
						
						
							
							Used more specific unittest assertions in tests.  
						
						
						
						
						* assertIsNone()/assertIsNotNone() instead of comparing to None.
* assertLess() for < comparisons.
* assertIs() for 'is' expressions.
* assertIsInstance() for isinstance() expressions.
* rounding of assertAlmostEqual() for round() expressions.
* assertIs(..., True/False) instead of comparing to True/False.
* assertIs()/assertIsNot() for ==/!= comparisons.
* assertNotEqual() for == comparisons.
* assertTrue()/assertFalse() instead of comparing to True/False. 
						
						
					 
					
						2019-10-29 12:37:30 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						95b7699ffc 
					 
					
						
						
							
							Cleaned up exception message checking in some tests.  
						
						
						
						
					 
					
						2019-03-15 19:27:57 -04:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						290d8471bb 
					 
					
						
						
							
							Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True).
						
						
						
						
					 
					
						2019-01-31 12:53:36 -05:00 
						 
				 
			
				
					
						
							
							
								Jon Dufresne 
							
						 
					 
					
						
						
							
						
						7785e03ba8 
					 
					
						
						
							
							Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
						
						
						
						Used more specific errors (e.g. FileExistsError) as appropriate. 
						
						
					 
					
						2019-01-28 11:15:06 -05:00 
						 
				 
			
				
					
						
							
							
								Mads Jensen 
							
						 
					 
					
						
						
							
						
						4167959105 
					 
					
						
						
							
							Added tests for incorrect content type and size in MultiPartParser.  
						
						
						
						
					 
					
						2018-06-12 14:42:20 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						fa75b2cb51 
					 
					
						
						
							
							Refs #27795 -- Removed force_bytes/text() usage in tests.
						
						
						
						
					 
					
						2018-02-07 14:20:04 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						5e303836b6 
					 
					
						
						
							
							Used JsonResponse and response.json in file_uploads tests.  
						
						
						
						
					 
					
						2017-02-08 08:42:28 -05:00 
						 
				 
			
				
					
						
							
							
								Chillar Anand 
							
						 
					 
					
						
						
							
						
						6478e07a62 
					 
					
						
						
							
							Refs #23919 -- Replaced tempfile.mkdtemp() with TemporaryDirectory() context manager.
						
						
						
						
					 
					
						2017-01-26 13:54:16 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						fee42fd99e 
					 
					
						
						
							
							Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-01-26 19:49:03 +01:00 
						 
				 
			
				
					
						
							
							
								chillaranand 
							
						 
					 
					
						
						
							
						
						d6eaf7c018 
					 
					
						
						
							
							Refs #23919 -- Replaced super(ClassName, self) with super().
						
						
						
						
					 
					
						2017-01-25 12:23:46 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						632c4ffd9c 
					 
					
						
						
							
							Refs #23919 -- Replaced errno checking with PEP 3151 exceptions.
						
						
						
						
					 
					
						2017-01-25 10:13:08 -05:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						2b281cc35e 
					 
					
						
						
							
							Refs #23919 -- Removed most of remaining six usage
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-01-18 21:33:28 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						c716fe8782 
					 
					
						
						
							
							Refs #23919 -- Removed six.PY2/PY3 usage
						
						
						
						Thanks Tim Graham for the review. 
						
						
					 
					
						2017-01-18 16:21:28 +01:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						d7b9aaa366 
					 
					
						
						
							
							Refs #23919 -- Removed encoding preambles and future imports
						
						
						
						
					 
					
						2017-01-18 09:55:19 +01:00 
						 
				 
			
				
					
						
							
							
								za 
							
						 
					 
					
						
						
							
						
						321e94fa41 
					 
					
						
						
							
							Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
						
						
						
						
					 
					
						2016-11-10 21:30:21 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						c9ae09addf 
					 
					
						
						
							
							Replaced use of TestCase.fail() with assertRaises().  
						
						
						
						
						Also removed try/except/fail antipattern that hides exceptions. 
						
						
					 
					
						2016-06-28 11:21:26 -04:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						9baf692a58 
					 
					
						
						
							
							Fixed #26601 -- Improved middleware per DEP 0005.
						
						
						
						Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP. 
						
						
					 
					
						2016-05-17 07:22:22 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						92053acbb9 
					 
					
						
						
							
							Fixed E128 flake8 warnings in tests/.  
						
						
						
						
					 
					
						2016-04-08 10:12:33 -04:00 
						 
				 
			
				
					
						
							
							
								John-Mark Bell 
							
						 
					 
					
						
						
							
						
						4b129ac81f 
					 
					
						
						
							
							Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.
						
						
						
						
					 
					
						2016-03-07 13:19:39 -05:00 
						 
				 
			
				
					
						
							
							
								Hasan 
							
						 
					 
					
						
						
							
						
						3d0dcd7f5a 
					 
					
						
						
							
							Refs #26022 -- Used context manager version of assertRaises in tests.
						
						
						
						
					 
					
						2016-01-29 12:32:18 -05:00 
						 
				 
			
				
					
						
							
							
								Mingun Pak 
							
						 
					 
					
						
						
							
						
						4c912d184d 
					 
					
						
						
							
							Fixed typos in test comments.  
						
						
						
						
					 
					
						2016-01-23 12:45:25 -05:00 
						 
				 
			
				
					
						
							
							
								Dražen Odobašić 
							
						 
					 
					
						
						
							
						
						b1e33ceced 
					 
					
						
						
							
							Fixed #23395 -- Limited line lengths to 119 characters.
						
						
						
						
					 
					
						2015-09-12 11:40:50 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						6e3fe089dd 
					 
					
						
						
							
							Replaced six.BytesIO with io.BytesIO  
						
						
						
						
					 
					
						2015-07-20 08:19:47 -04:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						4ccfc4439a 
					 
					
						
						
							
							Refs #24652 -- Fixed a test failure in file_uploads tests on Windows.
						
						
						
						Thanks to Tim Graham for the report. 
						
						
					 
					
						2015-05-25 19:09:01 -04:00 
						 
				 
			
				
					
						
							
							
								Simon Charette 
							
						 
					 
					
						
						
							
						
						be67400b47 
					 
					
						
						
							
							Refs #24652 -- Used SimpleTestCase where appropriate.
						
						
						
						
					 
					
						2015-05-20 13:46:13 -04:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						a8fe12417f 
					 
					
						
						
							
							Normalized usage of the tempfile module.  
						
						
						
						
						Specifically stopped using the dir argument. 
						
						
					 
					
						2015-02-23 16:55:27 +01:00 
						 
				 
			
				
					
						
							
							
								Aymeric Augustin 
							
						 
					 
					
						
						
							
						
						934400759d 
					 
					
						
						
							
							Guaranteed removal of temporary files during tests.  
						
						
						
						
						Dropped the DJANGO_TEST_TEMP_DIR environment variable.
Before this change, proper removal depended on the developer passing
dir=os.environ['DJANGO_TEST_TMP_DIR'] to tempfile functions. 
						
						
					 
					
						2015-02-23 16:55:26 +01:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						0ed7d15563 
					 
					
						
						
							
							Sorted imports with isort; refs #23860.
						
						
						
						
					 
					
						2015-02-06 08:16:28 -05:00 
						 
				 
			
				
					
						
							
							
								darkryder 
							
						 
					 
					
						
						
							
						
						9ec8aa5e5d 
					 
					
						
						
							
							Fixed #24149 -- Normalized tuple settings to lists.
						
						
						
						
					 
					
						2015-02-03 14:59:45 -05:00