From 3757f30c99838783402b54d1cfd41958d1493aad Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Sun, 12 Aug 2007 12:02:08 +0000 Subject: [PATCH] Fixed #4947 -- Avoid displaying uploaded file contents in the debug web page. Based on a patch from eibaan@gmail.com. git-svn-id: http://code.djangoproject.com/svn/django/trunk@5874 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- AUTHORS | 1 + django/http/__init__.py | 6 +++--- django/utils/datastructures.py | 13 +++++++++++++ tests/regressiontests/datastructures/tests.py | 9 +++++++++ 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/AUTHORS b/AUTHORS index 27eaf5bd1d3..3aaa3d57ba2 100644 --- a/AUTHORS +++ b/AUTHORS @@ -101,6 +101,7 @@ answer newbie questions, and generally made Django that much better: dusk@woofle.net Andy Dustman Clint Ecker + eibaan@gmail.com enlight Enrico A. Murat Eren diff --git a/django/http/__init__.py b/django/http/__init__.py index 22de62729aa..7cd47481dc3 100644 --- a/django/http/__init__.py +++ b/django/http/__init__.py @@ -2,7 +2,7 @@ import os from Cookie import SimpleCookie from pprint import pformat from urllib import urlencode -from django.utils.datastructures import MultiValueDict +from django.utils.datastructures import MultiValueDict, FileDict from django.utils.encoding import smart_str, iri_to_uri, force_unicode RESERVED_CHARS="!*'();:@&=+$,/?%#[]" @@ -88,11 +88,11 @@ def parse_file_upload(header_dict, post_data): # directory separator, which may not be the same as the # client's one.) filename = name_dict['filename'][name_dict['filename'].rfind("\\")+1:] - FILES.appendlist(name_dict['name'], { + FILES.appendlist(name_dict['name'], FileDict({ 'filename': filename, 'content-type': 'Content-Type' in submessage and submessage['Content-Type'] or None, 'content': submessage.get_payload(), - }) + })) else: POST.appendlist(name_dict['name'], submessage.get_payload()) return POST, FILES diff --git a/django/utils/datastructures.py b/django/utils/datastructures.py index 60bc0051a26..4b60d1d1941 100644 --- a/django/utils/datastructures.py +++ b/django/utils/datastructures.py @@ -267,3 +267,16 @@ class DotExpandedDict(dict): current[bits[-1]] = v except TypeError: # Special-case if current isn't a dict. current = {bits[-1] : v} + +class FileDict(dict): + """ + A dictionary used to hold uploaded file contents. The only special feature + here is that repr() of this object won't dump the entire contents of the + file to the output. A handy safeguard for a large file upload. + """ + def __repr__(self): + if 'content' in self: + d = dict(self, content='') + return dict.__repr__(d) + return dict.__repr__(self) + diff --git a/tests/regressiontests/datastructures/tests.py b/tests/regressiontests/datastructures/tests.py index 18eb4fcccd2..3920e1ca40d 100644 --- a/tests/regressiontests/datastructures/tests.py +++ b/tests/regressiontests/datastructures/tests.py @@ -64,4 +64,13 @@ True ['Holovaty'] >>> d['person']['2']['firstname'] ['Adrian'] + +### FileDict ################################################################ + +>>> d = FileDict({'content': 'once upon a time...'}) +>>> repr(d) +"{'content': ''}" +>>> d = FileDict({'other-key': 'once upon a time...'}) +>>> repr(d) +"{'other-key': 'once upon a time...'}" """