[3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.

Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report. Backport of d4d800ca1a from main.
2025-10-29 00:26:07 +00:00 · 2021-03-16 10:19:00 +01:00
parent eb7c0a7076
commit 2820fd1be5
9 changed files with 159 additions and 23 deletions
--- a/tests/file_uploads/urls.py
+++ b/tests/file_uploads/urls.py
@@ -4,6 +4,7 @@ from . import views

 urlpatterns = [
    path('upload/', views.file_upload_view),
+    path('upload_traversal/', views.file_upload_traversal_view),
    path('verify/', views.file_upload_view_verify),
    path('unicode_name/', views.file_upload_unicode_name),
    path('echo/', views.file_upload_echo),