innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
django1/django/core/files
History
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField. 
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
 		2021-05-13 08:53:44 +02:00
..
__init__.py Fixed #21302 -- Fixed unused imports and import *. 2013-11-02 15:24:56 -04:00
base.py Fixed "byte string" typo in various docs and comments. 2019-03-28 10:00:12 +01:00
images.py Fixed #29705 -- Fixed ImageField RuntimeError crash for WebP files. 2018-08-23 09:04:25 -04:00
locks.py Fixed #31989 -- Fixed return value of django.core.files.locks.lock()/unlock() on POSIX systems. 2020-09-15 10:21:26 +02:00
move.py Fixed #30137 -- Replaced OSError aliases with the canonical OSError. 2019-01-28 11:15:06 -05:00
storage.py Fixed #32366 -- Updated datetime module usage to recommended approach. 2021-05-12 11:08:41 +02:00
temp.py Fixed #30137 -- Replaced OSError aliases with the canonical OSError. 2019-01-28 11:15:06 -05:00
uploadedfile.py Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads. 2021-05-04 08:44:42 +02:00
uploadhandler.py Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads. 2020-09-30 10:30:43 +02:00
utils.py Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:53:44 +02:00