Commit Graph

52 Commits

Author SHA1 Message Date
Tim Graham 3872a33132 Fixed #24979 -- Removed usage of inspect.getargspec(). 2015-06-15 13:43:22 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Pavel Shpilev a7c256cb54 Fixed #9893 -- Allowed using a field's max_length in the Storage. 2015-01-12 09:09:18 -05:00
Carl Meyer bcb693ebd4 Revert "Fixed #23892 -- Made deconstructible classes forwards compatible"
This reverts commit f36151ed16.

Adding kwargs to deconstructed objects does not achieve useful
forward-compatibility in general, since additional arguments are silently
dropped rather than having their intended effect. In fact, it can make the
failure more difficult to diagnose. Thanks Shai Berger for discussion.
2014-11-22 22:29:23 -07:00
Carl Meyer f36151ed16 Fixed #23892 -- Made deconstructible classes forwards compatible 2014-11-22 14:30:14 -07:00
Aymeric Augustin 95b8323ac2 Removed import forgotten in previous commit. 2014-11-11 22:54:26 +01:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Tim Graham 0d8d30b7dd Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
Claude Paroz fb9d8f0652 Fixed #22717 -- Auto-corrected missing ending slash in FileSystemStorage
Thanks David Fischer for the report and Moayad Mardini for the
review.
2014-06-04 08:53:17 +02:00
Alex Gaynor 1dcc603eff Fixed several typos in Django 2014-05-28 17:39:14 -07:00
Andrew Godwin 6944418277 Fixed #22337: FileSystemStorage marked as deconstructible and tested. 2014-05-06 22:23:23 -07:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
José Moreira 8649833cf8 fixed typo on docstring 2014-01-20 16:33:11 +00:00
Vajrasky Kok 7e2d61a972 Fixed #21380 -- Added a way to set different permission for static directories.
Previously when collecting static files, the directories would receive permissions
from the global umask. Now the default permission comes from FILE_UPLOAD_DIRECTORY_PERMISSIONS
and there's an option to specify the permissions by subclassing any of the
static files storage classes and setting the directory_permissions_mode parameter.
2013-11-29 08:01:30 -05:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Vajrasky Kok 9eecb91695 Fixed #21219 -- Added a way to set different permission for static files.
Previously, when collecting static files, the files would receive permission
from FILE_UPLOAD_PERMISSIONS. Now, there's an option to give different
permission from uploaded files permission by subclassing any of the static
files storage classes and setting the file_permissions_mode parameter.

Thanks dblack at atlassian.com for the suggestion.
2013-10-24 17:40:01 -04:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
John Hensley 30fc49a7ca Fixed #21057 -- Prevented FileSystemStorage from leaving temporary files. 2013-09-10 08:33:53 -04:00
Aymeric Augustin 6a6428a36f Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
Mel Collins 6bdb3b1135 Fixed #13518 -- Added FILE_UPLOAD_DIRECTORY_PERMISSIONS setting
This setting does for new directories what FILE_UPLOAD_PERMISSIONS
does for new files.

Thanks jacob@ for the suggestion.
2013-08-12 07:15:59 -04:00
Claude Paroz 7fbab3ebaf Do not allow FileSystemStorage.delete to receive an empty name
Refs #20660.
2013-06-29 18:09:31 +02:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Claude Paroz 838f28974e Fixed #20427 -- Moved a variable initialization in storage.py
This is fixing commit 4e70ad11d2. Thanks mattias at elements.nl
for the report and Baptiste Mispelon for identifying the faulty
commit.
2013-05-17 18:31:52 +02:00
Marcin Biernat 664855b74e #18899 FileSystemStorage.save should support any file-like objects 2013-02-23 16:40:50 +01:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Florian Apolloner e8c6aff3bf Fixed #18947 -- Don't make uploaded files executeable by default.
Thanks to Lauri Tirkkonen for the patch.
2012-09-17 22:53:10 +02:00
Claude Paroz 4e70ad11d2 Made FileSystemStorage accept both text and byte streams
Thanks Alexey Boriskin for his help on the patch.
2012-08-29 16:37:37 +02:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Aymeric Augustin 0d914d08a0 [py3] Updated urllib/urllib2/urlparse imports.
Lots of functions were moved. Use explicit imports in all cases
to keey it easy to identify where the functions come from.
2012-07-22 09:29:55 +02:00
Claude Paroz 169b1a404c Replaced foo.next() by next(foo).
This new syntax for next() has been introduced in Python 2.6 and is
compatible with Python 3.
2012-05-10 20:15:49 +02:00
Claude Paroz 3904b74a3f Fixed #18013 -- Use the new 'as' syntax for exceptions.
Thanks Clueless for the initial patch.
Note that unittest has been purposely left out (external package only used by Python 2.6).
2012-04-29 20:57:15 +02:00
Jannis Leidel c4cc875643 Fixed #16703 -- Raise an exception if the storage location of the DefaultStorageFinder is empty.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16863 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-21 15:58:32 +00:00
Jannis Leidel f3ae496201 Fixed #16833 -- Removed undocumented `mixin` parameter from the `Storage.open()` method as this was an undocumented and obscure feature. Thanks to Marty and Russell for sanity-checking.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16824 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-09-13 15:10:49 +00:00
Jannis Leidel d34bb3c833 Fixed #16108 -- Fixed another race condition in the FileSystemStorage backend with regard to deleting a file. Refs #16082, too. Thanks, Aymeric Augustin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16287 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-28 13:06:08 +00:00
Jannis Leidel 723b620c7e Fixed #16082 -- Fixed race condition in the FileSystemStorage backend with regard to creating directories. Thanks, pjdelport.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16280 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-26 08:21:35 +00:00
Russell Keith-Magee 090ff64204 Fixed #15181 -- Ensure that special characters are escaped when querying for the URL of an uploaded file. Thanks to e.generalov for the report and patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15409 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-04 14:43:10 +00:00
Russell Keith-Magee a904e55859 Fixed #11509 -- Modified usage of "Web" to match our style guide in various documentation, comments and code. Thanks to timo and Simon Meers for the work on the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14069 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-09 08:12:50 +00:00
Jannis Leidel 58b704d8da Fixed #10497 -- Added a few time-related methods to the storage API. Thanks for the report and patch to Stephan Jaekel.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@14012 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-10-08 15:11:59 +00:00
Karen Tracey 600aa6679e Fixed #11030: Reverted a change that assumed the file system encoding was utf8, and changed a test to demonstrate how that assumption corrupted uploaded non-ASCII file names on systems that don't use utf8 as their file system encoding (Windows for one, specifically). Thanks for the report to vrehak.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12661 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-02 21:58:49 +00:00
Jacob Kaplan-Moss 5366aa96fe Fixed #10258: handle duplicate file names better.
Instead of just continually appending "_" to duplicate file names, Django's
default storage now appends `_1`, `_2`, `_3`, etc.

Thanks to ianschenck and Thilo.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12552 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-02-23 22:39:22 +00:00
Luke Plant c6e8e5d9f0 Fixed non-standard introspection support in LazyObject.
LazyObject called a public method ``get_all_members`` on wrapped objects in
order to allow introspection.  This could easily cause name clashes with
existing methods on wrapped objects, and so has been changed to use the
standard methods.  This could be slightly backwards-incompatible, in obscure
cases, if the undocumented LazyObject has been used externally.



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11636 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-10-19 21:48:06 +00:00
Gary Wilson Jr 59507753c7 Fixed #9610 -- Fixed duplicate uploaded file name mangling when directory contained a dot and file didn't. Based on patches from fadlytabrani and adurdin.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10701 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-08 05:50:31 +00:00
Jacob Kaplan-Moss a59095af24 Fixed #11030: fixed file uploads on non-utf8 filesystem encoding. Thanks, Honza Kral.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10693 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-05-07 17:53:23 +00:00
Jacob Kaplan-Moss c485e236bd Fixed #8193: all dynamic imports in Django are now done correctly. I know this because Brett Cannon borrowed the time machine and brought Python 2.7's '`importlib` back for inclusion in Django. Thanks for the patch-from-the-future, Brett!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10088 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-18 16:55:59 +00:00
Malcolm Tredinnick a08267bf6a Removed some import-time dependencies on Django's settings.
Now you can import the file storage stuff and still call settings.configure()
afterwards. There is still one import-time usage of settings in
django.contrib.comments, but that's unavoidable.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@9946 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2009-03-02 04:48:47 +00:00
Jacob Kaplan-Moss ff420b4364 Fixed #8454: added a FILE_UPLOAD_PERMISSIONS setting to control the permissoin of files uploaded by the built-in file storage system. Thanks, dcwatson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 22:21:14 +00:00
Jacob Kaplan-Moss f58217cc02 Fixed #8455: a lack of permissions in `MEDIA_ROOT` no longer causes an infinite loop when saving files. Thanks, carljm.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-27 21:44:14 +00:00
Jacob Kaplan-Moss 58cd4902a7 Fixed #4948, a race condition in file saving. Thanks to Martin von Löwis, who diagnosed the problem and pointed the way to a fix.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-11 16:51:18 +00:00
Gary Wilson Jr ef48a3e69c Fixed #7830 -- Removed all of the remaining, deprecated, non-oldforms features:
* Support for representing files as strings was removed. Use `django.core.files.base.ContentFile` instead.
 * Support for representing uploaded files as dictionaries was removed. Use `django.core.files.uploadedfile.SimpleUploadedFile` instead.
 * The `filename`, `file_name`, `file_size`, and `chuck` properties of `UploadedFile` were removed. Use the `name`, `name`, `size`, and `chunks` properties instead, respectively.
 * The `get_FIELD_filename`, `get_FIELD_url`, `get_FIELD_size`, and `save_FIELD_file` methods for Models with `FileField` fields were removed. Instead, use the `path`, `url`, and `size` attributes and `save` method on the field itself, respectively.
 * The `get_FIELD_width` and `get_FIELD_height` methods for Models with `ImageField` fields were removed. Use the `width` and `height` attributes on the field itself instead.
 * The dispatcher `connect`, `disconnect`, `send`, and `sendExact` functions were removed. Use the signal object's own `connect`, `disconnect`, `send`, and `send` methods instead, respectively.
 * The `form_for_model` and `form_for_instance` functions were removed. Use a `ModelForm` subclass instead.
 * Support for importing `django.newforms` was removed. Use `django.forms` instead.
 * Support for importing `django.utils.images` was removed. Use `django.core.files.images` instead.
 * Support for the `follow` argument in the `create_object` and `update_object` generic views was removed. Use the `django.forms` package and the new `form_class` argument instead.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8291 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-08-10 21:10:47 +00:00