Commit Graph

112 Commits

Author SHA1 Message Date
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Sultan 6599608c4d
Fixed #32098 -- Made FieldFile use FileField.attname.
After a93425a37f FileDescriptor is a
subclass of DeferredAttribute and uses FileField.attname to access the
field data, so that custom subclasses can not only save data to files,
but also represent the same data with a different data type by
attaching FileFiled.name to a particular descriptor.

Follow up to a93425a37f.
2020-10-12 07:22:59 +02:00
Brian Helba 2d42e23b6d Fixed #31941 -- Corrected FileField.deconstruct() with a callable storage. 2020-09-02 11:06:18 +02:00
Matthias Kestenholz c1f8d87bb0 Fixed #31812 -- Fixed FileField.model for fields defined in abstract models.
Regression in a93425a37f.
2020-07-24 11:06:57 +02:00
alosultan a93425a37f Fixed #31701 -- Made FileDescriptor subclass DeferredAttribute. 2020-06-30 08:25:20 +02:00
Sultan 6b25d24a57
Fixed #31706 -- Removed unnecessary getattr() call in FileDescriptor.__get__().
refresh_from_db() loads fields values.
2020-06-15 07:26:49 +02:00
miigotu 210657b791 Fixed #28184 -- Allowed using a callable for FileField and ImageField storage. 2020-04-08 11:26:17 +02:00
Hasan Ramezani f600e3fad6 Fixed #21238 -- Fixed restoring attributes when pickling FileField and ImageField. 2020-01-09 09:37:59 +01:00
Claude Paroz d1c2e6dd04 Refs #28428 -- Made FileField.upload_to support pathlib.Path. 2019-08-18 20:34:58 +02:00
Ramiro Morales aed89adad5 Fixed #30367 -- Changed "pip install" to "python -m pip install" in docs, comments and hints. 2019-04-18 14:41:15 +02:00
Jon Dufresne 7e3bf2662b Removed default mode='r' argument from calls to open(). 2019-01-27 17:41:43 -05:00
Brett Cannon 64b74804c5 Fixed #29334 -- Updated pypi.python.org URLs to pypi.org. 2018-04-17 20:24:27 -04:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Tim Graham acc8dd4142
Fixed #28984 -- Made assorted code simplifications. 2018-01-03 13:24:02 -05:00
Дилян Палаузов d79cf1e9e2 Fixed #28985 -- Removed unneeded None checks before hasattr(). 2018-01-03 11:37:06 -05:00
Nick Pope d13a9e44de Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking. 2017-12-11 07:08:45 -05:00
Дилян Палаузов 87c76aa116 Fixed #28873 -- Used dict.setdefault() to set model and form field defaults. 2017-12-04 13:28:48 -05:00
Manatsawin Hanmongkolchai a0c07d77fc Fixed #28242 -- Moved ImageField file extension validation to the form field. 2017-06-01 10:13:23 -04:00
Ingo Klöcker c4536c4a54 Fixed #27777 -- Made File.open() work with the with statement (#8310)
Fixed #27777 -- Made File.open() work with the with statement
2017-04-07 14:21:06 +02:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
Anton Samarchyan 60e52a047e Refs #27656 -- Updated django.db docstring verbs according to PEP 257. 2017-02-28 09:17:27 -05:00
Tim Graham d6e26e5b7c Removed obsolete references to form_for_instance(). 2017-02-28 07:37:25 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases
Thanks Tim Graham for the review.
2017-02-07 09:04:04 +01:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 042b7350a0 Refs #23919 -- Removed unneeded str() calls 2017-01-20 14:13:55 +01:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Aymeric Augustin eb422e476f Refs #23919 -- Removed obsolete __ne__() methods.
__ne__() defaults to the opposite of __eq__() on Python 3
when it doesn't return NotImplemented.
2017-01-18 21:44:00 -05:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Tim Graham 0dfc5479a8 Refs #26058 -- Removed deprecated FileField.get_directory_name()/get_filename(). 2017-01-17 20:52:04 -05:00
Lex Berezhny 1a9bd75bfa Refs #27358 -- Fixed system check crash with an empty FileField.upload_to. 2016-11-30 10:07:42 -05:00
Henry Dang 7cddd8a02e Fixed #27358 -- Added a system check to prevent FileField's upload_to from starting with a slash.
Thanks Frank Bijlsma for the initial patch.
2016-11-29 16:12:24 -05:00
Michael Scott ec9ed07488 Fixed #27188 -- Allowed using unique=True with FileField.
Thanks Tim Graham for the initial patch.
2016-10-28 20:11:03 -04:00
Adam Chidlow f734e2d4b2 Fixed #27334 -- Allowed FileField to move rather than copy a file.
When a FileField is set to an instance of File that is not also an
instance of FieldFile, pre_save() passes that object as the contents to
Storage.save(). This allows the file to be moved rather than copied
to the upload destination.
2016-10-26 12:25:30 -04:00
Berker Peksag a02b5848ae Replaced property() usage with decorator in several places. 2016-08-25 20:06:22 -04:00
Chris Sinchok ac1975b18b Fixed #13809 -- Made FieldFile.open() respect its mode argument. 2016-08-09 12:53:18 -04:00
Tim Graham 7c33aa8a87 Fixed #26900 -- Fixed crash accessing deferred FileFields. 2016-07-16 08:22:24 -04:00
Berker Peksag 12b4280444 Fixed #21548 -- Added FileExtensionValidator and validate_image_file_extension. 2016-06-30 09:08:50 -04:00
Tim Graham 7def55c3f6 Reverted "Fixed #26398 -- Made FieldFile.open() respect its mode argument."
This reverts commit a52a531a8b due to
regressions described in refs #26772.
2016-06-17 21:04:02 -04:00
Claude Paroz 388bb5bd9a Fixed #22936 -- Obsoleted Field.get_prep_lookup()/get_db_prep_lookup()
Thanks Tim Graham for completing the initial patch.
2016-05-04 20:02:01 +02:00
Cristiano 914c72be2a Fixed #26058 -- Delegated os.path bits of FileField's filename generation to the Storage. 2016-04-30 17:22:40 -04:00
Tim Graham df8d8d4292 Fixed E128 flake8 warnings in django/. 2016-04-08 09:51:06 -04:00
Tim Graham 2cd2d18851 Fixed W503 flake8 warnings. 2016-04-04 17:14:26 -04:00
Alexey Kotlyarov a52a531a8b Fixed #26398 -- Made FieldFile.open() respect its mode argument. 2016-03-23 10:05:26 -04:00
Tim Graham f15f4b8bb6 Refs #26367 -- Removed obsolete _size cache on FieldField.
The _size attribute is used in File.size but FieldFile overrides it.
2016-03-17 10:25:17 -04:00
Tim Graham 004ba0f99e Removed unneeded hint=None/obj=None in system check messages. 2016-02-12 13:01:25 -05:00
Chris Lamb 77b8d8cb6d Discouraged use of /tmp with predictable names.
The use of predictable filenames in /tmp often leads to symlink attacks
so remove the most obvious use of them in the docs.
2015-12-24 09:54:33 -05:00
Attila Tovt 6f229048dd Fixed #25547 -- Made Model.refresh_from_db() update FileField's instance. 2015-12-05 17:23:13 -05:00