Commit Graph

30 Commits

Author SHA1 Message Date
Mariusz Felisiak 934430d22a [3.1.x] Fixed CVE-2020-24583, #31921 -- Fixed permissions on intermediate-level static and storage directories on Python 3.7+.
Thanks WhiteSage for the report.

Backport of ea0febbba531a3ecc8c77b570efbfb68ca7155db from master.
2020-09-01 09:35:05 +02:00
Richard Campen 67b334fbaf Fixed #31517 -- Fixed HashedFilesMixin.hashed_name() if hash of the file is None. 2020-04-28 08:25:07 +02:00
Jon Dufresne 39791c8e6d Harmonized Windows checks in tests to a single style. 2019-11-06 15:14:30 +01:00
Mariusz Felisiak f1894bae30 Refs #28606 -- Removed CachedStaticFilesStorage per deprecation timeline. 2019-09-10 12:01:00 +02:00
zeyneloz 955b382600 Fixed #30599 -- Prevented ManifestFilesMixin.read_manifest() from silencing errors other than FileNotFoundError. 2019-08-02 08:35:28 +02:00
zeyneloz 246689452d Added test for handling of non-existent manifest in ManifestFilesMixin.read_manifest(). 2019-08-02 08:35:25 +02:00
Nathan Gaberel b27c9c953b Fixed #28604 -- Prevented ManifestStaticFilesStorage from leaving intermediate files. 2019-06-03 13:11:55 +02:00
Tim Graham f892781b95 Fixed #28606 -- Deprecated CachedStaticFilesStorage. 2018-10-27 11:58:29 -04:00
Mariusz Felisiak 362813d628
Fixed hanging indentation in various code. 2018-03-16 10:54:34 +01:00
Дилян Палаузов 6c0042430e Fixed #28776 -- Fixed a/an/and typos in docs and comments. 2017-11-06 22:41:03 -05:00
Tim Graham cde31daf88 Sorted imports per isort 4.2.9. 2017-06-01 13:23:48 -04:00
David Sanders 8e3f9d3ee2 Fixed #27741 -- Isolated TestCollectionHashedFilesCache in a tmpdir. 2017-02-03 18:49:08 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz 2366100872 Removed unneeded force_text calls in the test suite 2017-01-24 18:45:54 +01:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage
Thanks Tim Graham for the review.
2017-01-18 21:33:28 +01:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
David Sanders 53bffe8d03 Fixed #24452 -- Fixed HashedFilesMixin correctness with nested paths. 2017-01-11 09:21:29 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Andrew Nester 08ed3cc6d1 Fixed #26671 -- Made HashedFilesMixin ignore the 'chrome' scheme. 2016-07-12 08:20:39 -04:00
Jon Dufresne 4f336f6652 Fixed #26747 -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00
Claude Paroz edcecaf0de Fixed #19670 -- Applied CachedFilesMixin patterns to specific extensions
Thanks Simon Meers for the initial patch, and Tim Graham for the review.
2016-03-30 14:34:41 +02:00
Claude Paroz 859fc64338 Cleaned class inheritances in staticfiles tests
Thanks Tim Graham for precious inputs.
2016-03-28 19:46:03 +02:00
Jon Dufresne 4e2da368db Cleaned up TestStaticFilePermissions to use call_command(). 2016-03-03 21:58:23 +01:00
Aymeric Augustin 7f6fbc906a Prevented static file corruption when URL fragment contains '..'.
When running collectstatic with a hashing static file storage backend,
URLs referencing other files were normalized with posixpath.normpath.
This could corrupt URLs: for example 'a.css#b/../c' became just 'c'.

Normalization seems to be an artifact of the historical implementation.
It contained a home-grown implementation of posixpath.join which relied
on counting occurrences of .. and /, so multiple / had to be collapsed.

The new implementation introduced in the previous commit doesn't suffer
from this issue. So it seems safe to remove the normalization.

There was a test for this normalization behavior but I don't think it's
a good test. Django shouldn't modify CSS that way. If a developer has
rendundant /s, it's mostly an aesthetic issue and it isn't Django's job
to fix it. Conversely, if the user wants a series of /s, perhaps in the
URL fragment, Django shouldn't destroy it.

Refs #26249.
2016-02-23 19:35:16 +01:00
Aymeric Augustin 706b33fef8 Fixed #26249 -- Fixed collectstatic crash for files in STATIC_ROOT referenced by absolute URL.
collectstatic crashed when:

* a hashing static file storage backend was used
* a static file referenced another static file located directly in
  STATIC_ROOT (not a subdirectory) with an absolute URL (which must
  start with STATIC_URL, which cannot be empty)

It seems to me that the current code reimplements relative path joining
and doesn't handle edge cases correctly. I suspect it assumes that
STATIC_URL is of the form r'/[^/]+/'.

Throwing out that code in favor of the posixpath module makes the logic
easier to follow. Handling absolute paths correctly also becomes easier.
2016-02-23 19:34:21 +01:00
msaelices 7624fdb9f8 Fixed #25283 -- Fixed collectstatic crash if a URL contains a fragment with a path.
A @font-face declaration may contain a fragment that looks like a relative path,
e.g. @font-face { src: url('../fonts/font.svg#../path/like/fragment'); }
In this case, an incorrect path was passed to the storage backend, which raised
an error that caused collectstatic to crash.
2015-11-12 19:30:48 -05:00
Aymeric Augustin bf2c969eb7 Prevented staticfiles test from colliding when run in parallel.
This requires that each test never alters files in static directories
collected by other tests. The alternative is to add a temporary
directory to STATICFILES_DIRS or a new app to INSTALLED_APPS.
2015-09-09 23:01:17 +02:00
Moritz Sichert b35b43dff8 Fixed #24982 -- Split staticfiles tests into multiple files 2015-07-01 09:41:27 -04:00