Commit Graph

133 Commits

Author SHA1 Message Date
Aymeric Augustin 95b8323ac2 Removed import forgotten in previous commit. 2014-11-11 22:54:26 +01:00
Aymeric Augustin b8ba73cd0c Raised SuspiciousFileOperation in safe_join.
Added a test for the condition safe_join is designed to prevent.

Previously, a generic ValueError was raised. It was impossible to tell
an intentional exception raised to implement safe_join's contract from
an unintentional exception caused by incorrect inputs or unexpected
conditions. That resulted in bizarre exception catching patterns, which
this patch removes.

Since safe_join is a private API and since the change is unlikely to
create security issues for users who use it anyway -- at worst, an
uncaught SuspiciousFileOperation exception will bubble up -- it isn't
documented.
2014-11-11 19:05:14 +01:00
Jon Dufresne eb4f6de980 Fixed #8149 -- Made File.__iter__() support universal newlines.
The following are recognized as ending a line: the Unix end-of-line
convention '\n', the Windows convention '\r\n', and the old
Macintosh convention '\r'.

http://www.python.org/dev/peps/pep-0278

Thanks tchaumeny for review.
2014-10-30 11:52:59 -04:00
Tim Graham cf33777306 Clarified a comment in django.core.files.temp. 2014-08-29 07:27:15 -04:00
Tim Graham 0d8d30b7dd Fixed #23157 -- Removed O(n) algorithm when uploading duplicate file names.
This is a security fix. Disclosure following shortly.
2014-08-20 14:39:40 -04:00
Loic Bistuer 6e8d614acd Made the vendored NamedTemporaryFile work as a context manager. Refs #22680.
This fixes a regression on Windows introduced by b7de5f5.

Thanks Tim Graham for the report and review.
2014-06-12 08:07:34 +07:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
Claude Paroz fb9d8f0652 Fixed #22717 -- Auto-corrected missing ending slash in FileSystemStorage
Thanks David Fischer for the report and Moayad Mardini for the
review.
2014-06-04 08:53:17 +02:00
Alex Gaynor 1dcc603eff Fixed several typos in Django 2014-05-28 17:39:14 -07:00
Florian Apolloner 9d1bf8f841 Removed executeable bit from a few files. 2014-05-25 23:16:40 +02:00
Andrew Godwin 6944418277 Fixed #22337: FileSystemStorage marked as deconstructible and tested. 2014-05-06 22:23:23 -07:00
Baptiste Mispelon 96fc3908ad Fixed a failing test introduced in 918a16bc4c.
Refs #22307.
2014-03-22 18:05:56 +01:00
Hans Lawrenz 918a16bc4c Fixed #22307 -- Fixed SpooledTemporaryFile bug in File class.
Added condition to prevent checking the existence of a file name of a
file like object when the name attribute is None. This is necessary
because a SpooledTemporaryFile won't exist on the file system or have a
name until it has reached its max_size. Also added tests.
2014-03-21 22:34:47 +01:00
Tim Graham 4965a77407 Removed PIL compatability layer per deprecation timeline.
refs #19934.
2014-03-21 10:54:53 -04:00
smallcode 61fdb8d487 Fixed regression in file locking on some platforms.
Some platforms with os.name == 'posix' do not have the
fcntl module, e.g. AppEngine.

refs #19373.
2014-03-18 10:35:22 -04:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Baptiste Mispelon 3841feee86 Fixed #22107 -- Fixed django.core.files.File object iteration.
Due to a mixup between text and bytes, iteration over
a File instance was broken under Python 3.

Thanks to trac user pdewacht for the report and patch.
2014-02-20 19:13:25 +01:00
Dmitro d3e33fff12 Made content_type_extra optional for TemporaryUploadedFile and MemoryUploadedFile.
This provides better backwards compatibility for those constructing these
objects manually.

Refs #13721.
2014-02-18 07:49:42 -05:00
Kevin Christopher Henry 6fe26bd3ee Fixed #19373 -- Ported Windows file locking from PyWin32 to ctypes
There wasn't any file locking under Windows unless PyWin32 was
installed. This removes that (undocumented) dependency by using ctypes
instead.

Thanks to Anatoly Techtonik for writing the ctypes port upon which this
is based.
2014-02-08 15:52:06 -05:00
Berker Peksag 5d263dee30 Fixed #21674 -- Deprecated the import_by_path() function in favor of import_string().
Thanks Aymeric Augustin for the suggestion and review.
2014-02-08 11:12:19 -05:00
José Moreira 8649833cf8 fixed typo on docstring 2014-01-20 16:33:11 +00:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Vajrasky Kok 7e2d61a972 Fixed #21380 -- Added a way to set different permission for static directories.
Previously when collecting static files, the directories would receive permissions
from the global umask. Now the default permission comes from FILE_UPLOAD_DIRECTORY_PERMISSIONS
and there's an option to specify the permissions by subclassing any of the
static files storage classes and setting the directory_permissions_mode parameter.
2013-11-29 08:01:30 -05:00
xuxiang 4cfe6ba6a3 Use `classmethod` as a decorator. 2013-11-19 23:08:21 -05:00
Alex Gaynor c347f78cc1 Fixed all E226 violations 2013-11-03 10:08:55 -08:00
Milton Mazzarri cbc7cbbc5b Fixed flake8 E251 violations 2013-11-03 03:22:11 -06:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Alex Gaynor 4ad9f4d4ea Replaced a hardcoded "2" with the right named constant 2013-11-02 12:55:36 -07:00
Tim Graham 36ded01527 Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
Vajrasky Kok 9eecb91695 Fixed #21219 -- Added a way to set different permission for static files.
Previously, when collecting static files, the files would receive permission
from FILE_UPLOAD_PERMISSIONS. Now, there's an option to give different
permission from uploaded files permission by subclassing any of the static
files storage classes and setting the file_permissions_mode parameter.

Thanks dblack at atlassian.com for the suggestion.
2013-10-24 17:40:01 -04:00
Alex Gaynor 9bf5610890 Start attacking E231 violations 2013-10-24 10:30:03 -07:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Tim Graham b67ab75e82 Fixed assorted flake8 errors. 2013-10-11 07:25:14 -04:00
Kevin Christopher Henry 59a34c43a8 Fixed #18744 -- Updated docstring to highlight limitations of NamedTemporaryFile
- Noted that this does not allow for reading and writing the same open
file in different processes under Windows.
- Noted that the keyword arguments to NamedTemporaryFile no longer
match the Python version.
2013-09-19 10:12:03 -04:00
Gregor MacGregor b2b763448f Fixed #20841 -- Added messages to NotImplementedErrors
Thanks joseph at vertstudios.com for the suggestion.
2013-09-10 11:09:59 -04:00
John Hensley 30fc49a7ca Fixed #21057 -- Prevented FileSystemStorage from leaving temporary files. 2013-09-10 08:33:53 -04:00
homm 7008ed61c5 Fixed #21033 -- Fixed uploaded filenames not always being truncated to 255 characters 2013-09-10 01:55:16 +02:00
Christopher Adams b2f5ac1656 Fixed #11857 -- Added missing 'closed' property on TemporaryFile class.
- TemporaryFile now minimally mocks the API of the Python standard
  library class tempfile.NamedTemporaryFile to avoid AttributeError
  exceptions.
- The symbol django.core.files.NamedTemporaryFile is actually assigned
  as a different class on different operating systems.
- The bug only occurred if Django is running on Windows, hence why it
  was hard to diagnose.
2013-09-06 14:32:46 -04:00
Aymeric Augustin 6a6428a36f Took advantage of django.utils.six.moves.urllib.*. 2013-09-05 14:39:23 -05:00
Mel Collins 6bdb3b1135 Fixed #13518 -- Added FILE_UPLOAD_DIRECTORY_PERMISSIONS setting
This setting does for new directories what FILE_UPLOAD_PERMISSIONS
does for new files.

Thanks jacob@ for the suggestion.
2013-08-12 07:15:59 -04:00
Benjamin Kagia b0953dc913 Fixed #13721 -- Added UploadedFile.content_type_extra.
Thanks Waldemar Kornewald and mvschaik for work on the patch.
2013-07-11 09:11:59 -04:00
Claude Paroz 7fbab3ebaf Do not allow FileSystemStorage.delete to receive an empty name
Refs #20660.
2013-06-29 18:09:31 +02:00
Russell Keith-Magee 18e79f1425 Fixed #20486 -- Ensure that file_move_safe raises an error if the destination already exists.
Thanks to kux for the report, and Russ Webber for the patch.
2013-06-20 18:55:27 +08:00
Ramiro Morales 0fa8d43e74 Replaced `and...or...` constructs with PEP 308 conditional expressions. 2013-05-26 23:47:50 -03:00
Preston Holmes d228c1192e Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.
SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
2013-05-25 16:27:34 -07:00
Claude Paroz 838f28974e Fixed #20427 -- Moved a variable initialization in storage.py
This is fixing commit 4e70ad11d2. Thanks mattias at elements.nl
for the report and Baptiste Mispelon for identifying the faulty
commit.
2013-05-17 18:31:52 +02:00
Daniel Lindsley 33793f7c3e Fixed #19934 - Use of Pillow is now preferred over PIL.
This starts the deprecation period for PIL (support to end in 1.8).
2013-05-14 19:32:04 -07:00
Marcin Biernat 664855b74e #18899 FileSystemStorage.save should support any file-like objects 2013-02-23 16:40:50 +01:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00