innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
31,138 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

86 Commits

Author SHA1 Message Date
Mehrdad d4d5427571 Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing boundary streams. 
This also removes unused parse_header() and _parse_header_params()
helpers in django.http.multipartparser.
 2022-06-28 09:42:47 +02:00
Mariusz Felisiak bff5c114be
Removed unnecessary _parse_header() from MultiPartParser. 
Reraising ValueError was unused since its introduction in
d725cc9734.
 2022-06-28 09:27:03 +02:00
Mehrdad 49b470b918 Refs #33697 -- Made MultiPartParser use django.utils.http.parse_header_parameters() for parsing Content-Type header. 2022-06-03 21:37:29 +02:00
Mehrdad 93cedc82f2 Refs #33697 -- Fixed multipart parsing of headers with double quotes and semicolons. 
See 1ef0c0349e
 2022-06-01 10:11:07 +02:00
Carlton Gibson 34e2148fc7 Refs #33173 -- Removed use of deprecated cgi module. 
https://peps.python.org/pep-0594/#cgi
 2022-05-11 14:06:31 +02:00
Mariusz Felisiak 7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak fc18f36c4a Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 
Thanks Alan Ryan for the report and initial patch.
 2022-02-01 07:41:40 +01:00
Hrushikesh Vaidya 3fadf141e6 Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
Mariusz Felisiak 5def7f3f74 Updated various links to HTTPS and new locations. 
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
 2021-12-02 11:27:29 +01:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files. 
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
 2021-04-06 08:15:17 +02:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads. 
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2020-09-30 10:30:43 +02:00
Michael Brown 36db4dd937 Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. 2020-06-11 08:46:59 +02:00
007 e65fea9292 Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. 2020-02-28 14:43:16 +01:00
Jon Dufresne b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities(). 
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
 2019-05-08 08:00:59 +02:00
Jon Dufresne 8b3f1c35dd Removed unnecessary assignments in various code. 2019-04-24 13:09:29 +02:00
Tim Graham 8ec7ded370 Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request. 2019-03-02 09:19:05 -05:00
Tim Graham 2ed2acf872 Fixed #30227 -- Fixed crash on request without boundary in Content-Type. 2019-03-02 09:19:05 -05:00
Nick Pope 5013d38380 Optimized iterator exhaustion using collections.deque(). 2019-02-14 18:21:57 -05:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Дилян Палаузов 4c599ece57 Fixed #28930 -- Simplified code with any() and all(). 2017-12-26 17:11:15 -05:00
Mariusz Felisiak 3f9d85d95c Removed unused eof argument to BoundaryIter._find_boundary(). 
Unused since its introduction in d725cc9734.
 2017-09-22 10:47:14 -04:00
Tom 7afb476469 Fixed #28226 -- Replaced use of str.join() with concatenation. 2017-05-27 13:59:05 -04:00
Anton Samarchyan 3eb679a869 Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257. 2017-02-20 19:57:33 -05:00
Tim Graham 75f0070a54 Fixed #27308 -- Fixed BytesWarnings in the test suite. 2017-02-17 16:04:45 -05:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
Tim Graham 90db4bb0d7 Corrected http.multipartparser.exhaust() docstring. 
MultiPartParserError was removed in
ebf34c3cdc.
 2017-01-25 13:00:00 -05:00
Mads Jensen ebf34c3cdc Removed unused variables that are overwritten. 2017-01-25 09:14:05 -05:00
Claude Paroz 6e55e1d88a Refs #23919 -- Replaced six.reraise by raise 2017-01-22 20:08:04 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage 
Thanks Tim Graham for the review.
 2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage 
Thanks Tim Graham and Simon Charette for the reviews.
 2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage 
Thanks Tim Graham for the review.
 2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Vinay Karanam 4a246a02bd Refs #17235 -- Made MultiPartParser leave request.POST immutable. 2016-12-07 08:28:46 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Jon Dufresne a8f957797d Fixed comment typo in multiparser.py 2016-06-05 16:36:59 -04:00
Asif Saifuddin Auvi dc88516e5b Made style improvements to multipartparser.py 2016-06-04 11:06:25 -04:00
Andre Cruz 929684d6ee Fixed #21231 -- Enforced a max size for GET/POST values read into memory. 
Thanks Tom Christie for review.
 2016-05-12 10:17:52 -04:00
Tim Graham 086510fde0 Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser. 
The docs say that these headers always appear without the HTTP_ prefix.
This may have been an oversight when they were added in
d725cc9734, the only commit that uses
these names.
 2016-05-06 10:30:03 -04:00
Tim Graham ead21a1949 Refs #22897 -- Removed unneeded empty string QueryDict argument. 2016-05-03 12:04:08 -04:00
John-Mark Bell 4b129ac81f Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 2016-03-07 13:19:39 -05:00
Tim Graham 3f2de80318 Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream. 
Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts'
raised StopIteration" per PEP 0479.
 2015-06-17 06:55:16 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Raul Cumplido ac650d02cb Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers 
Thanks Tom Christie for the report and review.
 2015-01-27 20:12:22 +01:00
Jason Hobbs e1424b2370 Fixed #23397 -- Stripped whitespace from base64 during chunking 
This insures the actual base64 content has a length a multiple of 4.
Also added a test case for the failure.
 2014-09-13 19:06:21 +02:00
Claude Paroz b42e5ca058 Fixed #22971 -- Properly parsed RFC 2388 encoded headers 
Thanks homm for the report, Cea Stapleton for patch improvements
and Ian Cordasco, Christian Schmitt and Tim Graham for the review.
 2014-08-14 11:45:43 +02:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file. 
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
 2014-06-11 08:57:30 +02:00
mbacho 8a9d54aa69 Fixed typo in multipartparser.py 2014-05-16 05:34:40 -04:00