Commit Graph

25 Commits

Author SHA1 Message Date
Mariusz Felisiak 2820fd1be5 [3.2.x] Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.
Thanks Claude Paroz for the initial patch.
Thanks Dennis Brinkrolf for the report.

Backport of d4d800ca1a from main.
2021-04-06 08:24:01 +02:00
aryan 11c4a4412b Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.
This patch allows upload handlers to handle interrupted uploads.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-09-30 10:30:43 +02:00
aryan 21b127bfbc Refs #30422 -- Added test for removing temporary files in MultiPartParser when StopUpload is raised. 2020-09-30 10:29:08 +02:00
Jon Dufresne 505fec6bad Capitalized Unicode in docs, strings, and comments. 2020-04-20 12:10:33 +02:00
Jon Dufresne a98bcfb0dd Refs #15362 -- Removed obsolete workaround in file_uploads test view. 2019-02-09 18:44:28 -05:00
Jon Dufresne c492fdfd24 Removed default empty content argument from HttpResponse calls. 2019-02-09 16:27:32 -05:00
Tim Graham fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Jon Dufresne 21046e7773 Fixed #28249 -- Removed unnecessary dict.keys() calls.
iter(dict) is equivalent to iter(dict.keys()).
2017-05-27 19:08:46 -04:00
Tim Graham 500532c95d Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode(). 2017-02-09 09:03:47 -05:00
Tim Graham 5e303836b6 Used JsonResponse and response.json in file_uploads tests. 2017-02-08 08:42:28 -05:00
Claude Paroz dc8834cad4 Refs #23919 -- Removed unneeded force_str calls 2017-01-20 08:44:31 +01:00
Tim Graham 5320fa77c3 Refs #23919 -- Removed obsolete contextlib.closing() calls (for Python 2). 2017-01-19 08:50:28 -05:00
Claude Paroz 7b2f2e74ad Refs #23919 -- Removed six.<various>_types usage
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18 20:18:46 +01:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Claude Paroz 2ced2f785d Replaced smart_* by force_* calls whenever possible
The smart_* version should only be used when a lazy string should keep
its lazy status.
2016-09-03 13:46:41 +02:00
Andriy Sokolovskiy b40c551fdf Fixed some unclosed objects in tests 2015-07-06 10:10:40 -04:00
Tim Graham 0ed7d15563 Sorted imports with isort; refs #23860. 2015-02-06 08:16:28 -05:00
Jon Dufresne 4468c08d70 Fixed #23968 -- Replaced list comprehension with generators and dict comprehension 2014-12-08 07:58:23 -05:00
Florian Apolloner e2efc8965e Fixed #22680 -- I/O operation on closed file.
This patch is two-fold; first it ensure that Django does close everything in
request.FILES at the end of the request and secondly the storage system should
no longer close any files during save, it's up to the caller to handle that --
or let Django close the files at the end of the request.
2014-06-11 08:57:30 +02:00
Jason Myers 7a61c68c50 PEP8 cleanup
Signed-off-by: Jason Myers <jason@jasonamyers.com>
2013-11-02 23:50:49 -05:00
Simon Charette 11cd7388f7 Fixed #20989 -- Removed useless explicit list comprehensions. 2013-08-30 10:57:51 -04:00
Claude Paroz 5c1143910e Removed most of absolute_import imports
Should be unneeded with Python 2.7 and up.
Added some unicode_literals along the way.
2013-07-29 20:28:13 +02:00
Benjamin Kagia b0953dc913 Fixed #13721 -- Added UploadedFile.content_type_extra.
Thanks Waldemar Kornewald and mvschaik for work on the patch.
2013-07-11 09:11:59 -04:00
Florian Apolloner 89f40e3624 Merged regressiontests and modeltests into the test root. 2013-02-26 14:36:57 +01:00