mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-27 07:36:08 +00:00
Code Issues 32 Releases Wiki Activity

[4.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of validation when uploading multiple files using one form field.

Browse Source 
Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
This commit is contained in:
Mariusz Felisiak
2023-04-13 10:10:56 +02:00
parent 290fd5ecec
commit 21b1b1fc03
8 changed files with 245 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
tests/forms_tests/widget_tests/test_clearablefileinput.py
View File

@@ -242,3 +242,8 @@ class ClearableFileInputTest(WidgetTest):
'<input type="file" name="clearable_file" id="id_clearable_file"></div>',
form.render(),
)
def test_multiple_error(self):
msg = "ClearableFileInput doesn't support uploading multiple files."
with self.assertRaisesMessage(ValueError, msg):
ClearableFileInput(attrs={"multiple": True})