Natalia
2b00edc015
[4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
...
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 10:40:48 -03:00
Jarosław Wygoda
32940d390a
Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.
2023-01-12 09:58:36 +01:00
Francesco Panico
72efd840a8
Fixed #34110 -- Added in-memory file storage.
...
Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews.
2023-01-10 10:56:59 +01:00
Francesco Panico
c179ad9fe7
Refs #34100 -- Made file upload tests use Storage.exists() where appropriate.
2022-12-30 13:28:47 +01:00
Nick Pope
9bd174b9a7
Updated documentation and comments for RFC updates.
...
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Mehrdad
d4d5427571
Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing boundary streams.
...
This also removes unused parse_header() and _parse_header_params()
helpers in django.http.multipartparser.
2022-06-28 09:42:47 +02:00
Mehrdad
93cedc82f2
Refs #33697 -- Fixed multipart parsing of headers with double quotes and semicolons.
...
See 1ef0c0349e
2022-06-01 10:11:07 +02:00
Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
...
In these cases Black produces unexpected results, e.g.
def make_random_password(
self,
length=10,
allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):
or
cursor.execute("""
SELECT ...
""",
[table name],
)
2022-02-03 11:20:46 +01:00
Mariusz Felisiak
fc18f36c4a
Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Hrushikesh Vaidya
3fadf141e6
Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.
2022-01-20 07:19:52 +01:00
Mariusz Felisiak
1ff0ea6e9b
Fixed isolation of test_filename_traversal_upload().
...
shutil.rmtree(MEDIA_ROOT) is already called as a class cleanup.
2021-07-05 12:05:13 +02:00
Mariusz Felisiak
213850b4b9
Refs #32355 -- Used addClassCleanup() in tests.
...
Inspired by Adam Johnson talk on DjangoCon Europe 2021.
2021-06-04 12:53:11 +02:00
Florian Apolloner
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
Mariusz Felisiak
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
aryan
11c4a4412b
Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
...
This patch allows upload handlers to handle interrupted uploads.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com >
2020-09-30 10:30:43 +02:00
aryan
21b127bfbc
Refs #30422 -- Added test for removing temporary files in MultiPartParser when StopUpload is raised.
2020-09-30 10:29:08 +02:00
Michael Brown
36db4dd937
Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.
2020-06-11 08:46:59 +02:00
007
e65fea9292
Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.
2020-02-28 14:43:16 +01:00
Nick Pope
7552de7866
Used more specific unittest assertions in tests.
...
* assertIsNone()/assertIsNotNone() instead of comparing to None.
* assertLess() for < comparisons.
* assertIs() for 'is' expressions.
* assertIsInstance() for isinstance() expressions.
* rounding of assertAlmostEqual() for round() expressions.
* assertIs(..., True/False) instead of comparing to True/False.
* assertIs()/assertIsNot() for ==/!= comparisons.
* assertNotEqual() for == comparisons.
* assertTrue()/assertFalse() instead of comparing to True/False.
2019-10-29 12:37:30 +01:00
Jon Dufresne
95b7699ffc
Cleaned up exception message checking in some tests.
2019-03-15 19:27:57 -04:00
Jon Dufresne
290d8471bb
Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True).
2019-01-31 12:53:36 -05:00
Jon Dufresne
7785e03ba8
Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
...
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Mads Jensen
4167959105
Added tests for incorrect content type and size in MultiPartParser.
2018-06-12 14:42:20 -04:00
Tim Graham
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests.
2018-02-07 14:20:04 -05:00
Tim Graham
5e303836b6
Used JsonResponse and response.json in file_uploads tests.
2017-02-08 08:42:28 -05:00
Chillar Anand
6478e07a62
Refs #23919 -- Replaced tempfile.mkdtemp() with TemporaryDirectory() context manager.
2017-01-26 13:54:16 -05:00
Claude Paroz
fee42fd99e
Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
...
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Tim Graham
632c4ffd9c
Refs #23919 -- Replaced errno checking with PEP 3151 exceptions.
2017-01-25 10:13:08 -05:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
za
321e94fa41
Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.
2016-11-10 21:30:21 -05:00
Tim Graham
c9ae09addf
Replaced use of TestCase.fail() with assertRaises().
...
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Florian Apolloner
9baf692a58
Fixed #26601 -- Improved middleware per DEP 0005.
...
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham
92053acbb9
Fixed E128 flake8 warnings in tests/.
2016-04-08 10:12:33 -04:00
John-Mark Bell
4b129ac81f
Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.
2016-03-07 13:19:39 -05:00
Hasan
3d0dcd7f5a
Refs #26022 -- Used context manager version of assertRaises in tests.
2016-01-29 12:32:18 -05:00
Mingun Pak
4c912d184d
Fixed typos in test comments.
2016-01-23 12:45:25 -05:00
Dražen Odobašić
b1e33ceced
Fixed #23395 -- Limited line lengths to 119 characters.
2015-09-12 11:40:50 -04:00
Tim Graham
6e3fe089dd
Replaced six.BytesIO with io.BytesIO
2015-07-20 08:19:47 -04:00
Simon Charette
4ccfc4439a
Refs #24652 -- Fixed a test failure in file_uploads tests on Windows.
...
Thanks to Tim Graham for the report.
2015-05-25 19:09:01 -04:00
Simon Charette
be67400b47
Refs #24652 -- Used SimpleTestCase where appropriate.
2015-05-20 13:46:13 -04:00
Aymeric Augustin
a8fe12417f
Normalized usage of the tempfile module.
...
Specifically stopped using the dir argument.
2015-02-23 16:55:27 +01:00
Aymeric Augustin
934400759d
Guaranteed removal of temporary files during tests.
...
Dropped the DJANGO_TEST_TEMP_DIR environment variable.
Before this change, proper removal depended on the developer passing
dir=os.environ['DJANGO_TEST_TMP_DIR'] to tempfile functions.
2015-02-23 16:55:26 +01:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
darkryder
9ec8aa5e5d
Fixed #24149 -- Normalized tuple settings to lists.
2015-02-03 14:59:45 -05:00
Raul Cumplido
ac650d02cb
Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers
...
Thanks Tom Christie for the report and review.
2015-01-27 20:12:22 +01:00