1
0
mirror of https://github.com/django/django.git synced 2025-01-27 02:29:55 +00:00

126 Commits

Author SHA1 Message Date
Simon Charette
47f18a7226 Refs #35326 -- Adjusted deprecation warning stacklevel in FileSystemStorage.OS_OPEN_FLAGS. 2024-08-28 11:44:05 -03:00
Mariusz Felisiak
a57596e443 Refs #35658 -- Fixed test_create_file_field_from_another_file_field_in_memory_storage when run in reverse. 2024-08-15 08:52:19 +02:00
lucasesposito
f16a9a556f Fixed #35658 -- Initialized InMemoryFileNode instances with a name. 2024-08-09 12:27:15 +02:00
Sarah Boyce
8deb6bb1fc
Fixed #35657 -- Made FileField handle db_default values. 2024-08-05 16:36:49 -03:00
Sarah Boyce
8d6a20b656 Fixed #35604, Refs #35326 -- Made FileSystemStorage.exists() behaviour independent from allow_overwrite.
Partially reverts 0b33a3abc2ca7d68a24f6d0772bc2b9fa603744e.

Storage.exists(name) was documented to "return False if
the name is available for a new file." but return True if
the file exists. This is ambiguous in the overwrite file
case. It will now always return whether the file exists.

Thank you to Natalia Bidart and Josh Schneier for the
review.
2024-07-24 14:55:10 +02:00
Natalia
fe4a0bbe20 Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 09:21:19 -03:00
Ben Cail
0b33a3abc2 Fixed #35326 -- Added allow_overwrite parameter to FileSystemStorage. 2024-05-21 07:28:12 +02:00
nessita
34f329ecac
Added tests for Storage's generate_filename method. 2024-05-10 08:51:47 -03:00
Adam Zapletal
eb2d49b734 Fixed #23759 -- Preserved all file extensions in Storage.get_available_name(). 2024-02-20 21:06:39 +01:00
Mariusz Felisiak
d88ec42bd0
Used addCleanup() in tests where appropriate. 2023-12-31 10:01:31 +01:00
Mariusz Felisiak
f72f420f17 Refs #26029 -- Removed DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings.
This also removes django.core.files.storage.get_storage_class().

Per deprecation timeline.
2023-09-18 22:12:40 +02:00
konsti
48a1929ca0
Removed unnecessary trailing commas in tests. 2023-08-22 12:42:57 +02:00
Liyang Zhang
f9f9215d3e
Fixed some typos in comments, docstrings, and tests. 2023-03-20 08:07:23 +01:00
Matt Westcott
ef85b6bf0b Fixed #34192 -- Preserved callable storage when it returns default_storage. 2023-01-23 10:29:17 +01:00
Jarosław Wygoda
32940d390a Refs #26029 -- Deprecated DEFAULT_FILE_STORAGE and STATICFILES_STORAGE settings. 2023-01-12 09:58:36 +01:00
Jarosław Wygoda
1ec3f0961f Fixed #26029 -- Allowed configuring custom file storage backends. 2023-01-12 06:20:57 +01:00
Francesco Panico
72efd840a8 Fixed #34110 -- Added in-memory file storage.
Thanks Paolo Melchiorre, Carlton Gibson, and Mariusz Felisiak for
reviews.
2023-01-10 10:56:59 +01:00
Francesco Panico
032c09c414 Refs #34110 -- Reorganized django.core.files.storage into a separate module. 2022-11-11 06:59:33 +01:00
Carlton Gibson
bb61f0186d Refs #32365 -- Removed internal uses of utils.timezone.utc alias.
Remaining test case ensures that uses of the alias are mapped
canonically by the migration writer.
2022-03-24 06:29:50 +01:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Florian Apolloner
6d343d01c5 Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:04:12 +01:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Jacob Walls
ec2727efef Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists. 2021-06-02 12:20:22 +02:00
Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
2021-05-13 08:53:44 +02:00
Carlton Gibson
a708f39ce6 Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.
The validate_file_name() sanitation introduced in
0b79eb36915d178aef5c6a7bbce71b1e76d376d3 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2abb1c6dd860cb9279beaa66409ae1b2 to allow path
components for storages that may allow them.

Test is skipped pending a discussed storage refactoring to support this
use-case.
2021-05-06 07:04:52 +02:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Daniyal
474cc420bf Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core. 2021-03-19 08:04:37 +01:00
Brian Helba
2d42e23b6d Fixed #31941 -- Corrected FileField.deconstruct() with a callable storage. 2020-09-02 11:06:18 +02:00
Mariusz Felisiak
8d7271578d Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
Carlton Gibson
94b32a20ef Refs #28184 -- Added test for FileField storage default.
Co-authored-by: miigotu <miigotu@gmail.com>
2020-04-08 11:26:17 +02:00
miigotu
210657b791 Fixed #28184 -- Allowed using a callable for FileField and ImageField storage. 2020-04-08 11:26:17 +02:00
Jon Dufresne
39791c8e6d Harmonized Windows checks in tests to a single style. 2019-11-06 15:14:30 +01:00
Hasan Ramezani
17752003a8 Refs #28428 -- Made FileSystemStorage.save() to support pathlib.Path. 2019-10-31 09:06:05 +01:00
Hasan Ramezani
0f2975534d Refs #28428 -- Added tests for using FileSystemStorage with pathlib.Path. 2019-10-31 08:52:15 +01:00
Oleg Kainov
c574bec092 Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
Thanks Florian Apolloner for reviews.

Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
Claude Paroz
d1c2e6dd04 Refs #28428 -- Made FileField.upload_to support pathlib.Path. 2019-08-18 20:34:58 +02:00
Claude Paroz
af69842dbd Refs #28428 -- Added test for a callable FileField.upload_to that returns pathlib.Path. 2019-08-18 20:34:54 +02:00
Min ho Kim
65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Jon Dufresne
290d8471bb Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True). 2019-01-31 12:53:36 -05:00
Jon Dufresne
7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham
043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Tim Graham
98ef3829e9 Fixed #29890 -- Fixed FileSystemStorage crash if concurrent saves try to create the same directory.
Regression in 632c4ffd9cb1da273303bcd8005fff216506c795.
2018-10-31 19:28:11 -04:00
Jon Dufresne
e90af8bad4 Capitalized "Python" in docs and comments. 2018-10-09 09:26:07 -04:00
Sergey Fedoseev
8ef8bc0f64 Refs #28909 -- Simplifed code using unpacking generalizations. 2018-09-28 09:57:12 -04:00
Jon Dufresne
e7d7d47b93 Fixed ResourceWarning from unclosed test files.
When running Django tests with Python warnings enabled.
2018-07-10 12:26:19 +02:00
Jon Prindiville
b4cba4ed62 Fixed #28144 -- Added FileSystemStorage.OS_OPEN_FLAGS to allow customization. 2018-06-29 15:51:59 -04:00
Claude Paroz
8e960c5aba Removed urllib2 reference in file storage tests 2018-04-27 14:02:39 +02:00
Jon Dufresne
2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Rajesh Veeranki
67e1afb4a8 Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests. 2017-05-25 08:19:01 -04:00