Commit Graph

40 Commits

Author SHA1 Message Date
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Sergey Fedoseev e17776e2cd Removed redundant UploadedFile.DEFAULT_CHUNK_SIZE.
The same value is inherited from File.
2018-03-12 09:12:44 -04:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Claude Paroz 6352d06cd0 Fixed #26651 -- Kept original file suffix in TemporaryUploadedFile name
Thanks Tim Graham for the review.
2017-06-05 18:55:44 +02:00
Ingo Klöcker c4536c4a54 Fixed #27777 -- Made File.open() work with the with statement (#8310)
Fixed #27777 -- Made File.open() work with the with statement
2017-04-07 14:21:06 +02:00
Anton Samarchyan 5a6f70b428 Refs #27656 -- Updated django.core docstring verbs according to PEP 257. 2017-02-21 11:58:42 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham 632c4ffd9c Refs #23919 -- Replaced errno checking with PEP 3151 exceptions. 2017-01-25 10:13:08 -05:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Jon Dufresne cd88faa628 Removed unnecessary check in TemporaryUploadedFile.
If settings.FILE_UPLOAD_TEMP_DIR is the default value of None,
NamedTemporaryFile will work the same as if nothing was passed.
2016-06-11 20:45:11 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
Dmitro d3e33fff12 Made content_type_extra optional for TemporaryUploadedFile and MemoryUploadedFile.
This provides better backwards compatibility for those constructing these
objects manually.

Refs #13721.
2014-02-18 07:49:42 -05:00
xuxiang 4cfe6ba6a3 Use `classmethod` as a decorator. 2013-11-19 23:08:21 -05:00
Alex Gaynor c347f78cc1 Fixed all E226 violations 2013-11-03 10:08:55 -08:00
Alex Gaynor 4ad9f4d4ea Replaced a hardcoded "2" with the right named constant 2013-11-02 12:55:36 -07:00
homm 7008ed61c5 Fixed #21033 -- Fixed uploaded filenames not always being truncated to 255 characters 2013-09-10 01:55:16 +02:00
Benjamin Kagia b0953dc913 Fixed #13721 -- Added UploadedFile.content_type_extra.
Thanks Waldemar Kornewald and mvschaik for work on the patch.
2013-07-11 09:11:59 -04:00
Claude Paroz ae88e73fa6 Replaced some smart_xxx by force_xxx equivalent
smart_str/smart_text should only be used when a potential lazy
string should be preserved in the result of the function call.
2012-08-30 15:46:16 +02:00
Claude Paroz dce34dc969 [py3] Made __repr__ return str with Python 3 2012-08-12 20:45:39 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz 38408f8007 Marked bytestrings with b prefix. Refs #18269
This is a preparation for unicode literals general usage in
Django (Python 3 compatibility).
2012-05-19 17:43:34 +02:00
Claude Paroz d7dfab59ea Replaced cStringIO.StringIO by io.BytesIO.
Also replaced StringIO.StringIO by BytesIO in some other appropriate
places. StringIO is not available in Python 3.
2012-05-05 21:41:44 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Jacob Kaplan-Moss 2b0903b2c4 Fixed #10404: ImageField height_field and width_field options no longer depend on putting the image field after the height/width fields as they did after r9766.
This bug actually exposed a related handful of inconsistancies in the underlying file handling and wraping, so a few related changes are in here as well:

    * Dimensions are also now calculated the moment the image is assigned to the field instead of upon save.
    * The base `File` object now when possible delegates its closed attribute down to the os-level file it wrapps.
    * In-memory files' `close()` now is a no-op. Without this certain APIs that should be able to handle in-memory files were failing.
    * Accessing `FieldFile.closed` used to open the file. That's silly, and it doesn't any more.
    * Some over-eager error handling was squishing some errors that would normally be raised. One unit test was incorrectly depending on this behavior, so the test was removed.

Thanks to Armin Ronacher for much of this work.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10737 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-11 09:57:19 +00:00
Jacob Kaplan-Moss 68a890e79f Fixed #7712, #9404, #10249, #10300: a light refactor and cleanup of file storage and the `File` object. Thanks to Armin Ronacher and Alex Gaynor.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10717 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08 15:08:09 +00:00
Jacob Kaplan-Moss c33aeaa082 FIxed #8156: `UploadedFile.__repr__` now returns a string, a good `__repr__` should.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 20:53:02 +00:00
Jacob Kaplan-Moss 615ed20006 Fixed #7769: Added a couple missing file methods to `TemporaryUploadedFile`. Thanks, Mads Sülau Jørgensen.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8634 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 20:29:45 +00:00
Gary Wilson Jr ef48a3e69c Fixed #7830 -- Removed all of the remaining, deprecated, non-oldforms features:
* Support for representing files as strings was removed. Use `django.core.files.base.ContentFile` instead.
 * Support for representing uploaded files as dictionaries was removed. Use `django.core.files.uploadedfile.SimpleUploadedFile` instead.
 * The `filename`, `file_name`, `file_size`, and `chuck` properties of `UploadedFile` were removed. Use the `name`, `name`, `size`, and `chunks` properties instead, respectively.
 * The `get_FIELD_filename`, `get_FIELD_url`, `get_FIELD_size`, and `save_FIELD_file` methods for Models with `FileField` fields were removed. Instead, use the `path`, `url`, and `size` attributes and `save` method on the field itself, respectively.
 * The `get_FIELD_width` and `get_FIELD_height` methods for Models with `ImageField` fields were removed. Use the `width` and `height` attributes on the field itself instead.
 * The dispatcher `connect`, `disconnect`, `send`, and `sendExact` functions were removed. Use the signal object's own `connect`, `disconnect`, `send`, and `send` methods instead, respectively.
 * The `form_for_model` and `form_for_instance` functions were removed. Use a `ModelForm` subclass instead.
 * Support for importing `django.newforms` was removed. Use `django.forms` instead.
 * Support for importing `django.utils.images` was removed. Use `django.core.files.images` instead.
 * Support for the `follow` argument in the `create_object` and `update_object` generic views was removed. Use the `django.forms` package and the new `form_class` argument instead.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8291 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10 21:10:47 +00:00
Jacob Kaplan-Moss 7899568e01 File storage refactoring, adding far more flexibility to Django's file handling. The new files.txt document has details of the new features.
This is a backwards-incompatible change; consult BackwardsIncompatibleChanges for details.

Fixes #3567, #3621, #4345, #5361, #5655, #7415.

Many thanks to Marty Alchin who did the vast majority of this work.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8244 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-08 20:59:02 +00:00
Jacob Kaplan-Moss 98d8acf33f Fixed #7683: Try not to delete uploaded files before moving them, and don't wig out of someone else does. Patch from screeley and spaetz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8217 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-05 17:43:05 +00:00
Malcolm Tredinnick 103d484807 Fixed #7658 -- Added some Windows-specific tempfile handling. The standard
stuff doesn't work with the way Django's file uploading code wants to operate.
Patch from Mike Axiak.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8096 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-26 22:48:51 +00:00
Jacob Kaplan-Moss 476d5f2c0d Fixed #7675: corrected TemporaryUploadedFile.temporary_file_path. Thanks, Florian Apolloner.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7908 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-12 20:43:52 +00:00
Jacob Kaplan-Moss f804e7f038 Fixed deprecated UploadedFile.data attribute. Refs #7614.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7861 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-07 23:36:45 +00:00
Jacob Kaplan-Moss c83e9abb34 Added a missing deprecated property (UploadedFile.filename) from [7859]. Refs #7614.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7860 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-07 23:36:35 +00:00
Jacob Kaplan-Moss a28b75b0ba Fixed #7614: the quickening has come, and there now is only one UploadedFile. On top of that, UploadedFile's interface has been improved:
* The API now more closely matches a proper file API. This unfortunately means a few backwards-incompatible renamings; see BackwardsIncompatibleChanges. This refs #7593.
  * While we were at it, renamed chunk() to chunks() to clarify that it's an iterator.
  * Temporary uploaded files now property use the tempfile library behind the scenes which should ensure better cleanup of tempfiles (refs #7593 again).

Thanks to Mike Axiak for the bulk of this patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7859 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-07 23:16:00 +00:00
Gary Wilson Jr 1bfe994409 Corrected typo in `uploadedfile` module.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7829 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-03 06:04:17 +00:00
Jacob Kaplan-Moss bcb1c6dc71 Oops, missed a changed file in [7817].
git-svn-id: http://code.djangoproject.com/svn/django/trunk@7818 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-01 18:49:01 +00:00
Jacob Kaplan-Moss d725cc9734 Fixed #2070: refactored Django's file upload capabilities.
A description of the new features can be found in the new [http://www.djangoproject.com/documentation/upload_handing/ upload handling documentation]; the executive summary is that Django will now happily handle uploads of large files without issues.

This changes the representation of uploaded files from dictionaries to bona fide objects; see BackwardsIncompatibleChanges for details.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@7814 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-07-01 15:10:51 +00:00