mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00
Commit Graph

105 Commits

Author SHA1 Message Date
Florian Apolloner
6d343d01c5 Fixed CVE-2021-45452 -- Fixed potential path traversal in storage subsystem.
Thanks to Dennis Brinkrolf for the report.
2022-01-04 10:04:12 +01:00
David Smith
1024b5e74a Fixed 32956 -- Lowercased spelling of "web" and "web framework" where appropriate. 2021-07-29 06:24:12 +02:00
Jacob Walls
ec2727efef Fixed #28154 -- Prevented infinite loop in FileSystemStorage.save() when a broken symlink with the same name exists. 2021-06-02 12:20:22 +02:00
Mariusz Felisiak
b55699968f Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignore the passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Carlton Gibson
a708f39ce6 Refs CVE-2021-31542 -- Skipped mock AWS storage test on Windows.
The validate_file_name() sanitation introduced in
0b79eb3691 correctly rejects the example
file name as containing path elements on Windows. This breaks the test
introduced in 914c72be2a to allow path
components for storages that may allow them.

Test is skipped pending a discussed storage refactoring to support this
use-case.
2021-05-06 07:04:52 +02:00
Florian Apolloner
0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Daniyal
474cc420bf Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core. 2021-03-19 08:04:37 +01:00
Brian Helba
2d42e23b6d Fixed #31941 -- Corrected FileField.deconstruct() with a callable storage. 2020-09-02 11:06:18 +02:00
Mariusz Felisiak
8d7271578d Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
Carlton Gibson
94b32a20ef Refs #28184 -- Added test for FileField storage default.
Co-authored-by: miigotu <miigotu@gmail.com>
2020-04-08 11:26:17 +02:00
miigotu
210657b791 Fixed #28184 -- Allowed using a callable for FileField and ImageField storage. 2020-04-08 11:26:17 +02:00
Jon Dufresne
39791c8e6d Harmonized Windows checks in tests to a single style. 2019-11-06 15:14:30 +01:00
Hasan Ramezani
17752003a8 Refs #28428 -- Made FileSystemStorage.save() support pathlib.Path. 2019-10-31 09:06:05 +01:00
Hasan Ramezani
0f2975534d Refs #28428 -- Added tests for using FileSystemStorage with pathlib.Path. 2019-10-31 08:52:15 +01:00
Oleg Kainov
c574bec092 Fixed #25598 -- Added SCRIPT_NAME prefix to STATIC_URL and MEDIA_URL set to relative paths.
Thanks Florian Apolloner for reviews.

Co-authored-by: Joel Dunham <Joel.Dunham@technicalsafetybc.ca>
2019-09-25 19:47:03 +02:00
Claude Paroz
d1c2e6dd04 Refs #28428 -- Made FileField.upload_to support pathlib.Path. 2019-08-18 20:34:58 +02:00
Claude Paroz
af69842dbd Refs #28428 -- Added test for a callable FileField.upload_to that returns pathlib.Path. 2019-08-18 20:34:54 +02:00
Min ho Kim
65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Jon Dufresne
290d8471bb Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True). 2019-01-31 12:53:36 -05:00
Jon Dufresne
7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham
043bd70942 Updated test URL patterns to use path() and re_path(). 2018-12-31 10:47:32 -05:00
Tim Graham
98ef3829e9 Fixed #29890 -- Fixed FileSystemStorage crash if concurrent saves try to create the same directory.
Regression in 632c4ffd9c.
2018-10-31 19:28:11 -04:00
Jon Dufresne
e90af8bad4 Capitalized "Python" in docs and comments. 2018-10-09 09:26:07 -04:00
Sergey Fedoseev
8ef8bc0f64 Refs #28909 -- Simplified code using unpacking generalizations. 2018-09-28 09:57:12 -04:00
Jon Dufresne
e7d7d47b93 Fixed ResourceWarning from unclosed test files.
When running Django tests with Python warnings enabled.
2018-07-10 12:26:19 +02:00
Jon Prindiville
b4cba4ed62 Fixed #28144 -- Added FileSystemStorage.OS_OPEN_FLAGS to allow customization. 2018-06-29 15:51:59 -04:00
Claude Paroz
8e960c5aba Removed urllib2 reference in file storage tests 2018-04-27 14:02:39 +02:00
Jon Dufresne
2c69824e5a Refs #23968 -- Removed unnecessary lists, generators, and tuple calls. 2017-06-01 19:08:59 -04:00
Rajesh Veeranki
67e1afb4a8 Fixed #28224 -- Tested for SuspiciousOperation subclasses in Django's tests. 2017-05-25 08:19:01 -04:00
Vytis Banaitis
9cbf48693d Refs #27836 -- Fixed cleanup exception in file_storage test.
TemporaryDirectory tries to delete the directory that was already removed.
2017-03-01 12:52:28 -05:00
chillaranand
e4025563ea Fixed #27836 -- Allowed FileSystemStorage.delete() to remove directories. 2017-02-24 16:02:33 -05:00
Tim Graham
29f607927f Fixed spelling of "nonexistent". 2017-02-03 08:01:45 -05:00
chillaranand
d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham
632c4ffd9c Refs #23919 -- Replaced errno checking with PEP 3151 exceptions. 2017-01-25 10:13:08 -05:00
Tim Graham
4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Tim Graham
109b33f64c Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2. 2017-01-20 08:49:47 +01:00
Claude Paroz
2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham
0dfc5479a8 Refs #26058 -- Removed deprecated FileField.get_directory_name()/get_filename(). 2017-01-17 20:52:04 -05:00
Tim Graham
2d7fb77987 Refs #23832 -- Removed deprecated non-timezone aware Storage API. 2017-01-17 20:52:03 -05:00
Tim Graham
b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
za
321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Tim Graham
414ad25b09 Fixed #27327 -- Simplified time zone handling by requiring pytz. 2016-10-27 08:53:20 -04:00
Chris Sinchok
ac1975b18b Fixed #13809 -- Made FieldFile.open() respect its mode argument. 2016-08-09 12:53:18 -04:00
Tomas Pazderka
b820b6108a Fixed #26896 -- Allowed a lazy base_url for FileSystemStorage. 2016-07-29 14:13:54 -04:00
Paul J Stevens
b45852c263 Refs #26772 -- Added a test for FileField reopening closed files.
Thanks Simon Charette for review.
2016-06-18 11:06:56 -04:00
Tim Graham
cd217de610 Reverted "Fixed #26644 -- Allowed wrapping NamedTemporaryFile with File."
This reverts commit 1b407050dd as it
introduces a regression in the test for refs #26772.
2016-06-18 11:06:56 -04:00
Tim Graham
7def55c3f6 Reverted "Fixed #26398 -- Made FieldFile.open() respect its mode argument."
This reverts commit a52a531a8b due to
regressions described in refs #26772.
2016-06-17 21:04:02 -04:00
Hugo Osvaldo Barrera
1b407050dd Fixed #26644 -- Allowed wrapping NamedTemporaryFile with File.
914c72be2a introduced a regression that
causes saving a NamedTemporaryFile in a FileField to raise a
SuspiciousFileOperation. To remedy this, if a File has an absolute
path as a filename, use only the basename as the filename.
2016-06-14 09:28:08 -04:00
Simon Charette
271581df60 Refs #26712 -- Removed workarounds for PostgreSQL queries on TIME_ZONE changes. 2016-06-06 11:26:21 -04:00