
[1.7.x] Prevented views.static.serve() from using large memory on large files.

This is a security fix. Disclosure following shortly.
This commit is contained in:
Tim Graham
2014-12-09 15:32:03 -05:00
parent de67dedc77
commit 818e59a3f0
6 changed files with 59 additions and 2 deletions


@@ -17,6 +17,8 @@ from django.utils.http import http_date, parse_http_date
from django.utils.six.moves.urllib.parse import unquote
from django.utils.translation import ugettext as _, ugettext_lazy
STREAM_CHUNK_SIZE = 4096
def serve(request, path, document_root=None, show_indexes=False):
"""
@@ -61,7 +63,8 @@ def serve(request, path, document_root=None, show_indexes=False):
return HttpResponseNotModified()
content_type, encoding = mimetypes.guess_type(fullpath)
content_type = content_type or 'application/octet-stream'
response = StreamingHttpResponse(open(fullpath, 'rb'),
f = open(fullpath, 'rb')
response = StreamingHttpResponse(iter(lambda: f.read(STREAM_CHUNK_SIZE), b''),
content_type=content_type)
response["Last-Modified"] = http_date(statobj.st_mtime)
if stat.S_ISREG(statobj.st_mode):
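Review bot: The `iter(lambda: f.read(STREAM_CHUNK_SIZE), b'')` object built on the line after `f = open(fullpath, 'rb')` has no `close()` method, whereas the file object that was previously passed straight to StreamingHttpResponse did; if the response only tracks closable objects it is handed, `f` is now closed only when the file object is garbage-collected, which can leave descriptors open under non-refcounting runtimes or when a client abandons the stream early. A generator that closes the file in a `finally` keeps the bounded-memory behaviour this commit introduces and gives the response a `close()` hook to call; a sketch is below. `STREAM_CHUNK_SIZE` in the first hunk would also benefit from a comment such as `# Read files in fixed-size chunks so serve() never holds a whole file in memory.` serve() continues past the end of this hunk.
```python
def _chunked_file(f, chunk_size=STREAM_CHUNK_SIZE):
    """Yield f in chunk_size pieces, closing f when exhausted or when the generator is closed."""
    try:
        while True:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            yield chunk
    finally:
        f.close()

# … unchanged: Not-Modified handling, mimetype guessing …
f = open(fullpath, 'rb')
response = StreamingHttpResponse(_chunked_file(f),
                                 content_type=content_type)
```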