diff --git a/AUTHORS b/AUTHORS index 1f8e40edbef..993b905dddc 100644 --- a/AUTHORS +++ b/AUTHORS @@ -71,6 +71,7 @@ answer newbie questions, and generally made Django that much better: Jonathan Buchanan Trevor Caira Ricardo Javier Cárdenes Medina + Graham Carlyle Antonio Cavedoni C8E cedric@terramater.net diff --git a/django/views/static.py b/django/views/static.py index b556c60ca6f..f0e43ffe4e1 100644 --- a/django/views/static.py +++ b/django/views/static.py @@ -33,6 +33,7 @@ def serve(request, path, document_root=None, show_indexes=False): # Clean up given path to only allow serving files below document_root. path = posixpath.normpath(urllib.unquote(path)) + path = path.lstrip('/') newpath = '' for part in path.split('/'): if not part: diff --git a/tests/regressiontests/views/tests/static.py b/tests/regressiontests/views/tests/static.py index 0a67cf543ec..c731b249e8a 100644 --- a/tests/regressiontests/views/tests/static.py +++ b/tests/regressiontests/views/tests/static.py @@ -12,4 +12,12 @@ class StaticTests(TestCase): for filename in media_files: response = self.client.get('/views/site_media/%s' % filename) file = open(path.join(media_dir, filename)) - self.assertEquals(file.read(), response.content) \ No newline at end of file + self.assertEquals(file.read(), response.content) + + def test_copes_with_empty_path_component(self): + file_name = 'file.txt' + response = self.client.get('/views/site_media//%s' % file_name) + file = open(path.join(media_dir, file_name)) + self.assertEquals(file.read(), response.content) + +