Mariusz Felisiak
b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
...
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb3691
.
2021-05-13 08:53:44 +02:00
Florian Apolloner
0b79eb3691
Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.
2021-05-04 08:44:42 +02:00
Sultan
6599608c4d
Fixed #32098 -- Made FieldFile use FileField.attname.
...
After a93425a37f
FileDescriptor is a
subclass of DeferredAttribute and uses FileField.attname to access the
field data, so that custom subclasses can not only save data to files,
but also represent the same data with a different data type by
attaching FileFiled.name to a particular descriptor.
Follow up to a93425a37f
.
2020-10-12 07:22:59 +02:00
Brian Helba
2d42e23b6d
Fixed #31941 -- Corrected FileField.deconstruct() with a callable storage.
2020-09-02 11:06:18 +02:00
Matthias Kestenholz
c1f8d87bb0
Fixed #31812 -- Fixed FileField.model for fields defined in abstract models.
...
Regression in a93425a37f
.
2020-07-24 11:06:57 +02:00
alosultan
a93425a37f
Fixed #31701 -- Made FileDescriptor subclass DeferredAttribute.
2020-06-30 08:25:20 +02:00
Sultan
6b25d24a57
Fixed #31706 -- Removed unnecessary getattr() call in FileDescriptor.__get__().
...
refresh_from_db() loads fields values.
2020-06-15 07:26:49 +02:00
miigotu
210657b791
Fixed #28184 -- Allowed using a callable for FileField and ImageField storage.
2020-04-08 11:26:17 +02:00
Hasan Ramezani
f600e3fad6
Fixed #21238 -- Fixed restoring attributes when pickling FileField and ImageField.
2020-01-09 09:37:59 +01:00
Claude Paroz
d1c2e6dd04
Refs #28428 -- Made FileField.upload_to support pathlib.Path.
2019-08-18 20:34:58 +02:00
Ramiro Morales
aed89adad5
Fixed #30367 -- Changed "pip install" to "python -m pip install" in docs, comments and hints.
2019-04-18 14:41:15 +02:00
Jon Dufresne
7e3bf2662b
Removed default mode='r' argument from calls to open().
2019-01-27 17:41:43 -05:00
Brett Cannon
64b74804c5
Fixed #29334 -- Updated pypi.python.org URLs to pypi.org.
2018-04-17 20:24:27 -04:00
Дилян Палаузов
d7b2aa24f7
Fixed #28982 -- Simplified code with and/or.
2018-01-03 20:12:23 -05:00
Tim Graham
acc8dd4142
Fixed #28984 -- Made assorted code simplifications.
2018-01-03 13:24:02 -05:00
Дилян Палаузов
d79cf1e9e2
Fixed #28985 -- Removed unneeded None checks before hasattr().
2018-01-03 11:37:06 -05:00
Nick Pope
d13a9e44de
Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking.
2017-12-11 07:08:45 -05:00
Дилян Палаузов
87c76aa116
Fixed #28873 -- Used dict.setdefault() to set model and form field defaults.
2017-12-04 13:28:48 -05:00
Manatsawin Hanmongkolchai
a0c07d77fc
Fixed #28242 -- Moved ImageField file extension validation to the form field.
2017-06-01 10:13:23 -04:00
Ingo Klöcker
c4536c4a54
Fixed #27777 -- Made File.open() work with the with statement ( #8310 )
...
Fixed #27777 -- Made File.open() work with the with statement
2017-04-07 14:21:06 +02:00
Claude Paroz
8346680e1c
Refs #27795 -- Removed unneeded force_text calls
...
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Anton Samarchyan
60e52a047e
Refs #27656 -- Updated django.db docstring verbs according to PEP 257.
2017-02-28 09:17:27 -05:00
Tim Graham
d6e26e5b7c
Removed obsolete references to form_for_instance().
2017-02-28 07:37:25 -05:00
Claude Paroz
c651331b34
Converted usage of ugettext* functions to their gettext* aliases
...
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Vytis Banaitis
d1bab24e01
Refs #23919 , #27778 -- Removed obsolete mentions of unicode.
2017-01-26 08:19:27 -05:00
chillaranand
d6eaf7c018
Refs #23919 -- Replaced super(ClassName, self) with super().
2017-01-25 12:23:46 -05:00
Claude Paroz
042b7350a0
Refs #23919 -- Removed unneeded str() calls
2017-01-20 14:13:55 +01:00
Claude Paroz
dc8834cad4
Refs #23919 -- Removed unneeded force_str calls
2017-01-20 08:44:31 +01:00
Simon Charette
cecc079168
Refs #23919 -- Stopped inheriting from object to define new style classes.
2017-01-19 08:39:46 +01:00
Aymeric Augustin
eb422e476f
Refs #23919 -- Removed obsolete __ne__() methods.
...
__ne__() defaults to the opposite of __eq__() on Python 3
when it doesn't return NotImplemented.
2017-01-18 21:44:00 -05:00
Claude Paroz
7b2f2e74ad
Refs #23919 -- Removed six.<various>_types usage
...
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Tim Graham
0dfc5479a8
Refs #26058 -- Removed deprecated FileField.get_directory_name()/get_filename().
2017-01-17 20:52:04 -05:00
Lex Berezhny
1a9bd75bfa
Refs #27358 -- Fixed system check crash with an empty FileField.upload_to.
2016-11-30 10:07:42 -05:00
Henry Dang
7cddd8a02e
Fixed #27358 -- Added a system check to prevent FileField's upload_to from starting with a slash.
...
Thanks Frank Bijlsma for the initial patch.
2016-11-29 16:12:24 -05:00
Michael Scott
ec9ed07488
Fixed #27188 -- Allowed using unique=True with FileField.
...
Thanks Tim Graham for the initial patch.
2016-10-28 20:11:03 -04:00
Adam Chidlow
f734e2d4b2
Fixed #27334 -- Allowed FileField to move rather than copy a file.
...
When a FileField is set to an instance of File that is not also an
instance of FieldFile, pre_save() passes that object as the contents to
Storage.save(). This allows the file to be moved rather than copied
to the upload destination.
2016-10-26 12:25:30 -04:00
Berker Peksag
a02b5848ae
Replaced property() usage with decorator in several places.
2016-08-25 20:06:22 -04:00
Chris Sinchok
ac1975b18b
Fixed #13809 -- Made FieldFile.open() respect its mode argument.
2016-08-09 12:53:18 -04:00
Tim Graham
7c33aa8a87
Fixed #26900 -- Fixed crash accessing deferred FileFields.
2016-07-16 08:22:24 -04:00
Berker Peksag
12b4280444
Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension.
2016-06-30 09:08:50 -04:00
Tim Graham
7def55c3f6
Reverted "Fixed #26398 -- Made FieldFile.open() respect its mode argument."
...
This reverts commit a52a531a8b
due to
regressions described in refs #26772 .
2016-06-17 21:04:02 -04:00
Claude Paroz
388bb5bd9a
Fixed #22936 -- Obsoleted Field.get_prep_lookup()/get_db_prep_lookup()
...
Thanks Tim Graham for completing the initial patch.
2016-05-04 20:02:01 +02:00
Cristiano
914c72be2a
Fixed #26058 -- Delegated os.path bits of FileField's filename generation to the Storage.
2016-04-30 17:22:40 -04:00
Tim Graham
df8d8d4292
Fixed E128 flake8 warnings in django/.
2016-04-08 09:51:06 -04:00
Tim Graham
2cd2d18851
Fixed W503 flake8 warnings.
2016-04-04 17:14:26 -04:00
Alexey Kotlyarov
a52a531a8b
Fixed #26398 -- Made FieldFile.open() respect its mode argument.
2016-03-23 10:05:26 -04:00
Tim Graham
f15f4b8bb6
Refs #26367 -- Removed obsolete _size cache on FieldField.
...
The _size attribute is used in File.size but FieldFile overrides it.
2016-03-17 10:25:17 -04:00
Tim Graham
004ba0f99e
Removed unneeded hint=None/obj=None in system check messages.
2016-02-12 13:01:25 -05:00
Chris Lamb
77b8d8cb6d
Discouraged use of /tmp with predictable names.
...
The use of predictable filenames in /tmp often leads to symlink attacks
so remove the most obvious use of them in the docs.
2015-12-24 09:54:33 -05:00
Attila Tovt
6f229048dd
Fixed #25547 -- Made Model.refresh_from_db() update FileField's instance.
2015-12-05 17:23:13 -05:00