mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.

Florian Apolloner
2021-04-14 18:23:44 +02:00
committed by Carlton Gibson
parent 8de4ca74ba
commit 0b79eb3691
14 changed files with 190 additions and 13 deletions


@@ -21,10 +21,12 @@ class FileFieldTest(SimpleTestCase):
f.clean(None, '')
self.assertEqual('files/test2.pdf', f.clean(None, 'files/test2.pdf'))
no_file_msg = "'No file was submitted. Check the encoding type on the form.'"
file = SimpleUploadedFile(None, b'')
file._name = ''
with self.assertRaisesMessage(ValidationError, no_file_msg):
f.clean(SimpleUploadedFile('', b''))
f.clean(file)
with self.assertRaisesMessage(ValidationError, no_file_msg):
f.clean(SimpleUploadedFile('', b''), '')
f.clean(file, '')
self.assertEqual('files/test3.pdf', f.clean(None, 'files/test3.pdf'))
with self.assertRaisesMessage(ValidationError, no_file_msg):
f.clean('some content that is not a file')
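Review bot: The added setup `file = SimpleUploadedFile(None, b'')` followed by `file._name = ''` writes a private attribute with no explanation, so a reader cannot tell that the test is deliberately stepping around the public name handling. Presumably the tightened sanitation no longer lets an empty name through the constructor; if so, say it in a comment above the two lines, e.g. `# Bypass name sanitation: an empty name can no longer be passed to the constructor.` Because both `f.clean(file)` assertions now reach the "No file was submitted" branch only through that bypass, this hunk no longer exercises the public path for an empty name. It would be worth confirming that another test in the commit asserts what `SimpleUploadedFile('', b'')` does now. The enclosing test method starts and ends outside the hunk.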