1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Fixed #4947 -- Avoid displaying uploaded file contents in the debug web page. Based on a patch from eibaan@gmail.com.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@5874 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2007-08-12 12:02:08 +00:00
parent 78dfdd5648
commit 3757f30c99
4 changed files with 26 additions and 3 deletions

View File

@ -101,6 +101,7 @@ answer newbie questions, and generally made Django that much better:
dusk@woofle.net dusk@woofle.net
Andy Dustman <farcepest@gmail.com> Andy Dustman <farcepest@gmail.com>
Clint Ecker Clint Ecker
eibaan@gmail.com
enlight enlight
Enrico <rico.bl@gmail.com> Enrico <rico.bl@gmail.com>
A. Murat Eren <meren@pardus.org.tr> A. Murat Eren <meren@pardus.org.tr>

View File

@ -2,7 +2,7 @@ import os
from Cookie import SimpleCookie from Cookie import SimpleCookie
from pprint import pformat from pprint import pformat
from urllib import urlencode from urllib import urlencode
from django.utils.datastructures import MultiValueDict from django.utils.datastructures import MultiValueDict, FileDict
from django.utils.encoding import smart_str, iri_to_uri, force_unicode from django.utils.encoding import smart_str, iri_to_uri, force_unicode
RESERVED_CHARS="!*'();:@&=+$,/?%#[]" RESERVED_CHARS="!*'();:@&=+$,/?%#[]"
@ -88,11 +88,11 @@ def parse_file_upload(header_dict, post_data):
# directory separator, which may not be the same as the # directory separator, which may not be the same as the
# client's one.) # client's one.)
filename = name_dict['filename'][name_dict['filename'].rfind("\\")+1:] filename = name_dict['filename'][name_dict['filename'].rfind("\\")+1:]
FILES.appendlist(name_dict['name'], { FILES.appendlist(name_dict['name'], FileDict({
'filename': filename, 'filename': filename,
'content-type': 'Content-Type' in submessage and submessage['Content-Type'] or None, 'content-type': 'Content-Type' in submessage and submessage['Content-Type'] or None,
'content': submessage.get_payload(), 'content': submessage.get_payload(),
}) }))
else: else:
POST.appendlist(name_dict['name'], submessage.get_payload()) POST.appendlist(name_dict['name'], submessage.get_payload())
return POST, FILES return POST, FILES

View File

@ -267,3 +267,16 @@ class DotExpandedDict(dict):
current[bits[-1]] = v current[bits[-1]] = v
except TypeError: # Special-case if current isn't a dict. except TypeError: # Special-case if current isn't a dict.
current = {bits[-1] : v} current = {bits[-1] : v}
class FileDict(dict):
"""
A dictionary used to hold uploaded file contents. The only special feature
here is that repr() of this object won't dump the entire contents of the
file to the output. A handy safeguard for a large file upload.
"""
def __repr__(self):
if 'content' in self:
d = dict(self, content='<omitted>')
return dict.__repr__(d)
return dict.__repr__(self)

View File

@ -64,4 +64,13 @@ True
['Holovaty'] ['Holovaty']
>>> d['person']['2']['firstname'] >>> d['person']['2']['firstname']
['Adrian'] ['Adrian']
### FileDict ################################################################
>>> d = FileDict({'content': 'once upon a time...'})
>>> repr(d)
"{'content': '<omitted>'}"
>>> d = FileDict({'other-key': 'once upon a time...'})
>>> repr(d)
"{'other-key': 'once upon a time...'}"
""" """