Commit Graph

78 Commits

Author SHA1 Message Date
Hrushikesh Vaidya 3fadf141e6 Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names. 2022-01-20 07:19:52 +01:00
Mariusz Felisiak 5def7f3f74 Updated various links to HTTPS and new locations.
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-12-02 11:27:29 +01:00
Florian Apolloner 0b79eb3691 Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
Mariusz Felisiak d4d800ca1a Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.
2021-04-06 08:15:17 +02:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
Michael Brown 36db4dd937 Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash. 2020-06-11 08:46:59 +02:00
007 e65fea9292 Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers. 2020-02-28 14:43:16 +01:00
Jon Dufresne b915b9f10f Refs #27753 -- Deprecated django.utils.text.unescape_entities().
The function was undocumented and only required for compatibility with
Python 2.

Code should use Python's html.unescape() that was added in Python 3.4.
2019-05-08 08:00:59 +02:00
Jon Dufresne 8b3f1c35dd Removed unnecessary assignments in various code. 2019-04-24 13:09:29 +02:00
Tim Graham 8ec7ded370 Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart request. 2019-03-02 09:19:05 -05:00
Tim Graham 2ed2acf872 Fixed #30227 -- Fixed crash on request without boundary in Content-Type. 2019-03-02 09:19:05 -05:00
Nick Pope 5013d38380 Optimized iterator exhaustion using collections.deque(). 2019-02-14 18:21:57 -05:00
Aymeric Augustin 3bb6a4390c Refs #27753 -- Favored force/smart_str() over force/smart_text(). 2019-02-06 14:12:06 -05:00
Дилян Палаузов 4c599ece57 Fixed #28930 -- Simplified code with any() and all(). 2017-12-26 17:11:15 -05:00
Mariusz Felisiak 3f9d85d95c Removed unused eof argument to BoundaryIter._find_boundary().
Unused since its introduction in d725cc9734.
2017-09-22 10:47:14 -04:00
Tom 7afb476469 Fixed #28226 -- Replaced use of str.join() with concatenation. 2017-05-27 13:59:05 -04:00
Anton Samarchyan 3eb679a869 Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257. 2017-02-20 19:57:33 -05:00
Tim Graham 75f0070a54 Fixed #27308 -- Fixed BytesWarnings in the test suite. 2017-02-17 16:04:45 -05:00
Vytis Banaitis d1bab24e01 Refs #23919, #27778 -- Removed obsolete mentions of unicode. 2017-01-26 08:19:27 -05:00
Tim Graham 90db4bb0d7 Corrected http.multipartparser.exhaust() docstring.
MultiPartParserError was removed in
ebf34c3cdc.
2017-01-25 13:00:00 -05:00
Mads Jensen ebf34c3cdc Removed unused variables that are overwritten. 2017-01-25 09:14:05 -05:00
Claude Paroz 6e55e1d88a Refs #23919 -- Replaced six.reraise by raise 2017-01-22 20:08:04 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz c716fe8782 Refs #23919 -- Removed six.PY2/PY3 usage
Thanks Tim Graham for the review.
2017-01-18 16:21:28 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Vinay Karanam 4a246a02bd Refs #17235 -- Made MultiPartParser leave request.POST immutable. 2016-12-07 08:28:46 -05:00
Ramin Farajpour Cami 967be82443 Fixed E305 flake8 warnings. 2016-11-14 12:30:46 -05:00
Jon Dufresne a8f957797d Fixed comment typo in multiparser.py 2016-06-05 16:36:59 -04:00
Asif Saifuddin Auvi dc88516e5b Made style improvements to multipartparser.py 2016-06-04 11:06:25 -04:00
Andre Cruz 929684d6ee Fixed #21231 -- Enforced a max size for GET/POST values read into memory.
Thanks Tom Christie for review.
2016-05-12 10:17:52 -04:00
Tim Graham 086510fde0 Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser.
The docs say that these headers always appear without the HTTP_ prefix.
This may have been an oversight when they were added in
d725cc9734, the only commit that uses
these names.
2016-05-06 10:30:03 -04:00
Tim Graham ead21a1949 Refs #22897 -- Removed unneeded empty string QueryDict argument. 2016-05-03 12:04:08 -04:00
John-Mark Bell 4b129ac81f Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an empty string. 2016-03-07 13:19:39 -05:00
Tim Graham 3f2de80318 Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream.
Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts'
raised StopIteration" per PEP 0479.
2015-06-17 06:55:16 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Raul Cumplido ac650d02cb Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headers
Thanks Tom Christie for the report and review.
2015-01-27 20:12:22 +01:00
Jason Hobbs e1424b2370 Fixed #23397 -- Stripped whitespace from base64 during chunking
This insures the actual base64 content has a length a multiple of 4.
Also added a test case for the failure.
2014-09-13 19:06:21 +02:00
Claude Paroz b42e5ca058 Fixed #22971 -- Properly parsed RFC 2388 encoded headers
Thanks homm for the report, Cea Stapleton for patch improvements
and Ian Cordasco, Christian Schmitt and Tim Graham for the review.
2014-08-14 11:45:43 +02:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
mbacho 8a9d54aa69 Fixed typo in multipartparser.py 2014-05-16 05:34:40 -04:00
Rodolfo Carvalho 0d91225892 Fixed many typos in comments and docstrings.
Thanks Piotr Kasprzyk for help with the patch.
2014-03-03 07:38:09 -05:00
Loic Bistuer 6685713869 Fixed E127 pep8 warnings. 2013-12-14 11:59:15 -05:00
Alex Gaynor c347f78cc1 Fixed all E226 violations 2013-11-03 10:08:55 -08:00
Milton Mazzarri cbc7cbbc5b Fixed flake8 E251 violations 2013-11-03 03:22:11 -06:00
Alex Gaynor fe995e6cbd Fixed the remaining E302 violations int eh django package 2013-11-02 17:37:15 -07:00
coagulant 3bc0d46a84 Fixed all E261 warnings 2013-11-02 18:20:39 -04:00
Alex Gaynor 7548aa8ffd More attacking E302 violators 2013-11-02 13:12:09 -07:00
Baptiste Mispelon 20472aa827 Fixed #21189: Cleaned up usage of bare except clauses.
Thanks to berkerpeksag for the report and to claudep
for the review.
2013-10-05 11:50:03 +02:00