1
0
mirror of https://github.com/django/django.git synced 2024-12-22 09:05:43 +00:00
Commit Graph

94 Commits

Author SHA1 Message Date
Natalia
fe4a0bbe20 Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 09:21:19 -03:00
Mariusz Felisiak
305757aec1
Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Standa Opichal
1c6e8ec4ed Fixed #34968 -- Made multipart parsing of headers raise an error on too long headers.
This also allow customizing the maximum size of headers via
MAX_TOTAL_HEADER_SIZE.
2023-11-24 12:06:54 +01:00
Jarosław Wygoda
32940d390a Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. 2023-01-12 09:58:36 +01:00
Francesco Panico
72efd840a8 Fixed #34110 -- Added in-memory file storage.
Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews.
2023-01-10 10:56:59 +01:00
Francesco Panico
c179ad9fe7 Refs #34100 -- Made file upload tests use Storage.exists() where appropriate. 2022-12-30 13:28:47 +01:00
Nick Pope
9bd174b9a7 Updated documentation and comments for RFC updates.
- Updated references to RFC 1123 to RFC 5322
  - Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
  - Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
2022-11-10 13:52:17 +01:00
Mehrdad
d4d5427571 Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing boundary streams.
This also removes unused parse_header() and _parse_header_params()
helpers in django.http.multipartparser.
2022-06-28 09:42:47 +02:00
Mehrdad
93cedc82f2 Refs #33697 -- Fixed multipart parsing of headers with double quotes and semicolons.
See 1ef0c0349e
2022-06-01 10:11:07 +02:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak
c5cd878382
Refs #33476 -- Refactored problematic code before reformatting by Black.
In these cases Black produces unexpected results, e.g.

def make_random_password(
    self,
    length=10,
    allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789',
):

or

cursor.execute("""
SELECT ...
""",
    [table name],
)
2022-02-03 11:20:46 +01:00
Mariusz Felisiak
fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Hrushikesh Vaidya
3fadf141e6 Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
Mariusz Felisiak
1ff0ea6e9b
Fixed isolation of test_filename_traversal_upload().
shutil.rmtree(MEDIA_ROOT) is already called as a class cleanup.
2021-07-05 12:05:13 +02:00
Mariusz Felisiak
213850b4b9
Refs #32355 -- Used addClassCleanup() in tests.
Inspired by Adam Johnson talk on DjangoCon Europe 2021.
2021-06-04 12:53:11 +02:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Mariusz Felisiak
d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
aryan
11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
aryan
21b127bfbc Refs #30422 -- Added test for removing temporary files in MultiPartParser when StopUpload is raised. 2020-09-30 10:29:08 +02:00
Michael Brown
36db4dd937 Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. 2020-06-11 08:46:59 +02:00
Jon Dufresne
505fec6bad Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
007
e65fea9292 Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. 2020-02-28 14:43:16 +01:00
Nick Pope
7552de7866 Used more specific unittest assertions in tests.
* assertIsNone()/assertIsNotNone() instead of comparing to None.
* assertLess() for < comparisons.
* assertIs() for 'is' expressions.
* assertIsInstance() for isinstance() expressions.
* rounding of assertAlmostEqual() for round() expressions.
* assertIs(..., True/False) instead of comparing to True/False.
* assertIs()/assertIsNot() for ==/!= comparisons.
* assertNotEqual() for == comparisons.
* assertTrue()/assertFalse() instead of comparing to True/False.
2019-10-29 12:37:30 +01:00
Jon Dufresne
95b7699ffc Cleaned up exception message checking in some tests. 2019-03-15 19:27:57 -04:00
Jon Dufresne
a98bcfb0dd Refs #15362 -- Removed obsolete workaround in file_uploads test view. 2019-02-09 18:44:28 -05:00
Jon Dufresne
c492fdfd24 Removed default empty content argument from HttpResponse calls. 2019-02-09 16:27:32 -05:00
Jon Dufresne
290d8471bb Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True). 2019-01-31 12:53:36 -05:00
Jon Dufresne
7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham
043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Mads Jensen
4167959105 Added tests for incorrect content type and size in MultiPartParser. 2018-06-12 14:42:20 -04:00
Tim Graham
fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Jon Dufresne
21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
Tim Graham
500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Tim Graham
5e303836b6 Used JsonResponse and response.json in file_uploads tests. 2017-02-08 08:42:28 -05:00
Chillar Anand
6478e07a62 Refs #23919 -- Replaced tempfile.mkdtemp() with TemporaryDirectory() context manager. 2017-01-26 13:54:16 -05:00
Claude Paroz
fee42fd99e Refs #23919 -- Replaced usage of django.utils.http utilities with Python equivalents
Thanks Tim Graham for the review.
2017-01-26 19:49:03 +01:00
chillaranand
d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham
632c4ffd9c Refs #23919 -- Replaced errno checking with PEP 3151 exceptions. 2017-01-25 10:13:08 -05:00
Claude Paroz
dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Tim Graham
5320fa77c3 Refs #23919 -- Removed obsolete contextlib.closing() calls (for Python 2). 2017-01-19 08:50:28 -05:00
Claude Paroz
2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Claude Paroz
2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Tim Graham
c9ae09addf Replaced use of TestCase.fail() with assertRaises().
Also removed try/except/fail antipattern that hides exceptions.
2016-06-28 11:21:26 -04:00
Florian Apolloner
9baf692a58 Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and
writing documentation. Thanks Carl Meyer for shepherding the DEP.
2016-05-17 07:22:22 -04:00
Tim Graham
92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00