Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.

2025-10-31 09:41:08 +00:00 · 2016-03-07 12:06:46 +00:00
parent 75614f6d4c
commit 4b129ac81f
4 changed files with 44 additions and 4 deletions
--- a/docs/releases/1.8.12.txt
+++ b/docs/releases/1.8.12.txt
@@ -9,4 +9,6 @@ Django 1.8.12 fixes several bugs in 1.8.11.
 Bugfixes
 ========

-* ...
+* Made ``MultiPartParser`` ignore filenames that normalize to an empty string
+  to fix crash in ``MemoryFileUploadHandler`` on specially crafted user input
+  (:ticket:`26325`).