mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-26 23:26:08 +00:00
Code Issues 32 Releases Wiki Activity

[1.5.x] Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.

Browse Source 
This is a security fix. Disclosure following shortly.
This commit is contained in:
Tim Graham
2014-08-08 10:20:08 -04:00
parent 45ac9d4fb0
commit 26cd48e166
7 changed files with 93 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
tests/regressiontests/file_storage/tests.py
View File

@@ -40,6 +40,9 @@ except ImportError:
Image = None
FILE_SUFFIX_REGEX = '[A-Za-z0-9]{7}'
class GetStorageClassTests(SimpleTestCase):
def test_get_filesystem_storage(self):
@@ -431,10 +434,9 @@ class FileSaveRaceConditionTest(unittest.TestCase):
self.thread.start()
name = self.save_file('conflict')
self.thread.join()
self.assertTrue(self.storage.exists('conflict'))
self.assertTrue(self.storage.exists('conflict_1'))
self.storage.delete('conflict')
self.storage.delete('conflict_1')
files = sorted(os.listdir(self.storage_dir))
self.assertEqual(files[0], 'conflict')
six.assertRegex(self, files[1], 'conflict_%s' % FILE_SUFFIX_REGEX)
@unittest.skipIf(sys.platform.startswith('win'), "Windows only partially supports umasks and chmod.")
class FileStoragePermissions(unittest.TestCase):
@@ -478,9 +480,10 @@ class FileStoragePathParsing(unittest.TestCase):
self.storage.save('dotted.path/test', ContentFile("1"))
self.storage.save('dotted.path/test', ContentFile("2"))
files = sorted(os.listdir(os.path.join(self.storage_dir, 'dotted.path')))
self.assertFalse(os.path.exists(os.path.join(self.storage_dir, 'dotted_.path')))
self.assertTrue(os.path.exists(os.path.join(self.storage_dir, 'dotted.path/test')))
self.assertTrue(os.path.exists(os.path.join(self.storage_dir, 'dotted.path/test_1')))
self.assertEqual(files[0], 'test')
six.assertRegex(self, files[1], 'test_%s' % FILE_SUFFIX_REGEX)
def test_first_character_dot(self):
"""
@@ -490,8 +493,10 @@ class FileStoragePathParsing(unittest.TestCase):
self.storage.save('dotted.path/.test', ContentFile("1"))
self.storage.save('dotted.path/.test', ContentFile("2"))
self.assertTrue(os.path.exists(os.path.join(self.storage_dir, 'dotted.path/.test')))
self.assertTrue(os.path.exists(os.path.join(self.storage_dir, 'dotted.path/.test_1')))
files = sorted(os.listdir(os.path.join(self.storage_dir, 'dotted.path')))
self.assertFalse(os.path.exists(os.path.join(self.storage_dir, 'dotted_.path')))
self.assertEqual(files[0], '.test')
six.assertRegex(self, files[1], '.test_%s' % FILE_SUFFIX_REGEX)
class DimensionClosingBug(unittest.TestCase):
"""