Commit Graph

219 Commits

Author SHA1 Message Date
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
Nick Pope d06c5b3581 Fixed #32366 -- Updated datetime module usage to recommended approach.
- Replaced datetime.utcnow() with datetime.now().
- Replaced datetime.utcfromtimestamp() with datetime.fromtimestamp().
- Replaced datetime.utctimetuple() with datetime.timetuple().
- Replaced calendar.timegm() and datetime.utctimetuple() with datetime.timestamp().
2021-05-12 11:08:41 +02:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Daniyal 474cc420bf Refs #32508 -- Raised Type/ValueError instead of using "assert" in django.core. 2021-03-19 08:04:37 +01:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
Hasan Ramezani 7be6a6a4d6 Fixed #31989 -- Fixed return value of django.core.files.locks.lock()/unlock() on POSIX systems. 2020-09-15 10:21:26 +02:00
Mariusz Felisiak 8d7271578d Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.
2020-09-01 09:17:23 +02:00
David Smith e74b3d724e Bumped minimum isort version to 5.1.0.
Fixed inner imports per isort 5.
isort 5.0.0 to 5.1.0 was unstable.
2020-07-30 10:58:59 +02:00
Hasan Ramezani 17752003a8 Refs #28428 -- Made FileSystemStorage.save() to support pathlib.Path. 2019-10-31 09:06:05 +01:00
yukihira1992 0545781764 Fixed #30736 -- Added Storage.get_alternative_name() to allow customization. 2019-08-30 11:32:19 +02:00
Min ho Kim 65e86948b8 Corrected several typos in string literals and test names. 2019-08-07 11:23:14 +02:00
Mariusz Felisiak 881362986a Fixed "byte string" typo in various docs and comments. 2019-03-28 10:00:12 +01:00
Jon Dufresne 290d8471bb Fixed #30147 -- Simplified directory creation with os.makedirs(..., exist_ok=True). 2019-01-31 12:53:36 -05:00
Jon Dufresne 7785e03ba8 Fixed #30137 -- Replaced OSError aliases with the canonical OSError.
Used more specific errors (e.g. FileExistsError) as appropriate.
2019-01-28 11:15:06 -05:00
Tim Graham 98ef3829e9 Fixed #29890 -- Fixed FileSystemStorage crash if concurrent saves try to create the same directory.
Regression in 632c4ffd9c.
2018-10-31 19:28:11 -04:00
Tim Graham 4268d275b8 Fixed #29857 -- Added get_storage_class to django.core.files.storage.__all__. 2018-10-17 09:03:51 -04:00
Jon Dufresne e90af8bad4 Capitalized "Python" in docs and comments. 2018-10-09 09:26:07 -04:00
Jon Dufresne 82f286cf6f Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
winkidney c69d40f943 Fixed #29705 -- Fixed ImageField RuntimeError crash for WebP files. 2018-08-23 09:04:25 -04:00
Federico Bond a0ca4b5694 Fixed #29689 -- Improved performance of FileSystemStorage.listdir() and FilePathField with os.scandir(). 2018-08-20 17:58:00 -04:00
Thomas Grainger 69eb70456b Fixed typo in ContentFile docstring. 2018-07-27 10:58:08 -04:00
Jon Prindiville b4cba4ed62 Fixed #28144 -- Added FileSystemStorage.OS_OPEN_FLAGS to allow customization. 2018-06-29 15:51:59 -04:00
Tim Graham 2ec151e35d Fixed #29514 -- Reverted "Used datetime.timezone.utc instead of pytz.utc for better performance."
This reverts commit 27ca5ce19f due to a
regression.
2018-06-28 11:14:26 -04:00
Sergey Fedoseev 27ca5ce19f Used datetime.timezone.utc instead of pytz.utc for better performance. 2018-03-20 15:24:16 -04:00
Sergey Fedoseev e17776e2cd Removed redundant UploadedFile.DEFAULT_CHUNK_SIZE.
The same value is inherited from File.
2018-03-12 09:12:44 -04:00
Sergey Fedoseev a5406fe989 Used cached_property for File.size. 2018-03-10 17:21:39 +05:00
Alex Stovbur 2d9ec4d735 Fixed #29188 -- Fixed ContentFile.size after a write(). 2018-03-08 14:07:29 -05:00
Дилян Палаузов a38ae914d8 Fixed #28996 -- Simplified some boolean constructs and removed trivial continue statements. 2018-01-12 12:44:50 -05:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Mariusz Felisiak 0ec0e5029c Removed unnecessary parens in various code. 2017-09-13 21:20:29 -04:00
Tim Graham 6e4c6281db Reverted "Fixed #27818 -- Replaced try/except/pass with contextlib.suppress()."
This reverts commit 550cb3a365
because try/except performs better.
2017-09-07 08:16:21 -04:00
Sergey Fedoseev 8b2515a450 Removed unneeded __init__() methods. 2017-09-07 08:10:49 -04:00
Mads Jensen 550cb3a365 Fixed #27818 -- Replaced try/except/pass with contextlib.suppress(). 2017-06-28 14:07:55 -04:00
Claude Paroz 6352d06cd0 Fixed #26651 -- Kept original file suffix in TemporaryUploadedFile name
Thanks Tim Graham for the review.
2017-06-05 18:55:44 +02:00
Derrick Jackson 789c290150 Fixed #28170 -- Fixed file_move_safe() crash when moving files to a CIFS mount. 2017-05-31 14:52:40 -04:00
Josh Schneier 9b538badb1 Refs #23919 -- Removed File's Python 2 proxied methods. 2017-04-26 14:44:07 -04:00
Ingo Klöcker c4536c4a54 Fixed #27777 -- Made File.open() work with the with statement (#8310)
Fixed #27777 -- Made File.open() work with the with statement
2017-04-07 14:21:06 +02:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls
Thanks Tim Graham for the review.
2017-03-04 18:18:21 +01:00
chillaranand e4025563ea Fixed #27836 -- Allowed FileSystemStorage.delete() to remove directories. 2017-02-24 16:02:33 -05:00
Anton Samarchyan 5a6f70b428 Refs #27656 -- Updated django.core docstring verbs according to PEP 257. 2017-02-21 11:58:42 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Tim Graham 632c4ffd9c Refs #23919 -- Replaced errno checking with PEP 3151 exceptions. 2017-01-25 10:13:08 -05:00
Tim Graham d170c63351 Refs #23919 -- Removed misc references to Python 2. 2017-01-21 20:02:00 -05:00
Tim Graham 4e729feaa6 Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.
These functions do nothing on Python 3.
2017-01-20 08:01:02 -05:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Simon Charette 4c5ed3e683 Refs #23919 -- Removed __nonzero__() methods (for Python 2).
Thanks Tim for the review.
2017-01-19 11:26:26 -05:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00