Mariusz Felisiak
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
Mariusz Felisiak
fc18f36c4a
Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.
...
Thanks Alan Ryan for the report and initial patch.
2022-02-01 07:41:40 +01:00
Hrushikesh Vaidya
3fadf141e6
Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.
2022-01-20 07:19:52 +01:00
Mariusz Felisiak
5def7f3f74
Updated various links to HTTPS and new locations.
...
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-02 11:27:29 +01:00
Florian Apolloner
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
Mariusz Felisiak
d4d800ca1a
Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
...
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
aryan
11c4a4412b
Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
...
This patch allows upload handlers to handle interrupted uploads.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
Michael Brown
36db4dd937
Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.
2020-06-11 08:46:59 +02:00
007
e65fea9292
Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.
2020-02-28 14:43:16 +01:00
Jon Dufresne
b915b9f10f
Refs #27753 -- Deprecated django.utils.text.unescape_entities().
...
The function was undocumented and only required for compatibility with
Python 2.
Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Jon Dufresne
8b3f1c35dd
Removed unnecessary assignments in various code.
2019-04-24 13:09:29 +02:00
Tim Graham
8ec7ded370
Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request.
2019-03-02 09:19:05 -05:00
Tim Graham
2ed2acf872
Fixed #30227 -- Fixed crash on request without boundary in Content-Type.
2019-03-02 09:19:05 -05:00
Nick Pope
5013d38380
Optimized iterator exhaustion using collections.deque().
2019-02-14 18:21:57 -05:00
Aymeric Augustin
3bb6a4390c
Refs #27753 -- Favored force/smart_str() over force/smart_text().
2019-02-06 14:12:06 -05:00
Дилян Палаузов
4c599ece57
Fixed #28930 -- Simplified code with any() and all().
2017-12-26 17:11:15 -05:00
Mariusz Felisiak
3f9d85d95c
Removed unused eof argument to BoundaryIter._find_boundary().
...
Unused since its introduction in d725cc9734
.
2017-09-22 10:47:14 -04:00
Tom
7afb476469
Fixed #28226 -- Replaced use of str.join() with concatenation.
2017-05-27 13:59:05 -04:00
Anton Samarchyan
3eb679a869
Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.
2017-02-20 19:57:33 -05:00
Tim Graham
75f0070a54
Fixed #27308 -- Fixed BytesWarnings in the test suite.
2017-02-17 16:04:45 -05:00
Vytis Banaitis
d1bab24e01
Refs #23919 , #27778 -- Removed obsolete mentions of unicode.
2017-01-26 08:19:27 -05:00
Tim Graham
90db4bb0d7
Corrected http.multipartparser.exhaust() docstring.
...
MultiPartParserError was removed in
ebf34c3cdc
.
2017-01-25 13:00:00 -05:00
Mads Jensen
ebf34c3cdc
Removed unused variables that are overwritten.
2017-01-25 09:14:05 -05:00
Claude Paroz
6e55e1d88a
Refs #23919 -- Replaced six.reraise by raise
2017-01-22 20:08:04 +01:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Claude Paroz
2b281cc35e
Refs #23919 -- Removed most of remaining six usage
...
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz
c716fe8782
Refs #23919 -- Removed six.PY2/PY3 usage
...
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz
d7b9aaa366
Refs #23919 -- Removed encoding preambles and future imports
2017-01-18 09:55:19 +01:00
Vinay Karanam
4a246a02bd
Refs #17235 -- Made MultiPartParser leave request.POST immutable.
2016-12-07 08:28:46 -05:00
Ramin Farajpour Cami
967be82443
Fixed E305 flake8 warnings.
2016-11-14 12:30:46 -05:00
Jon Dufresne
a8f957797d
Fixed comment typo in multiparser.py
2016-06-05 16:36:59 -04:00
Asif Saifuddin Auvi
dc88516e5b
Made style improvements to multipartparser.py
2016-06-04 11:06:25 -04:00
Andre Cruz
929684d6ee
Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
...
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham
086510fde0
Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser.
...
The docs say that these headers always appear without the HTTP_ prefix.
This may have been an oversight when they were added in
d725cc9734
, the only commit that uses
these names.
2016-05-06 10:30:03 -04:00
Tim Graham
ead21a1949
Refs #22897 -- Removed unneeded empty string QueryDict argument.
2016-05-03 12:04:08 -04:00
John-Mark Bell
4b129ac81f
Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string.
2016-03-07 13:19:39 -05:00
Tim Graham
3f2de80318
Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream.
...
Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts'
raised StopIteration" per PEP 0479.
2015-06-17 06:55:16 -04:00
Tim Graham
0ed7d15563
Sorted imports with isort; refs #23860 .
2015-02-06 08:16:28 -05:00
Raul Cumplido
ac650d02cb
Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers
...
Thanks Tom Christie for the report and review.
2015-01-27 20:12:22 +01:00
Jason Hobbs
e1424b2370
Fixed #23397 -- Stripped whitespace from base64 during chunking
...
This insures the actual base64 content has a length a multiple of 4.
Also added a test case for the failure.
2014-09-13 19:06:21 +02:00
Claude Paroz
b42e5ca058
Fixed #22971 -- Properly parsed RFC 2388 encoded headers
...
Thanks homm for the report, Cea Stapleton for patch improvements
and Ian Cordasco, Christian Schmitt and Tim Graham for the review.
2014-08-14 11:45:43 +02:00
Florian Apolloner
e2efc8965e
Fixed #22680 -- I/O operation on closed file.
...
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
mbacho
8a9d54aa69
Fixed typo in multipartparser.py
2014-05-16 05:34:40 -04:00
Rodolfo Carvalho
0d91225892
Fixed many typos in comments and docstrings.
...
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Loic Bistuer
6685713869
Fixed E127 pep8 warnings.
2013-12-14 11:59:15 -05:00
Alex Gaynor
c347f78cc1
Fixed all E226 violations
2013-11-03 10:08:55 -08:00
Milton Mazzarri
cbc7cbbc5b
Fixed flake8 E251 violations
2013-11-03 03:22:11 -06:00
Alex Gaynor
fe995e6cbd
Fixed the remaining E302 violations int eh django package
2013-11-02 17:37:15 -07:00