django/django
Mariusz Felisiak b55699968f
Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
  passed to the FileField.generate_filename() (upload_to() may
  completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.

Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.

Regression in 0b79eb3691.
2021-05-13 08:53:44 +02:00
..
apps Refs #32355 -- Corrected comments about Python's _NamespacePath. 2021-03-26 10:17:10 +01:00
conf Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
contrib Fixed #32031 -- Added model class for each model to AdminSite.each_context(). 2021-05-13 06:57:09 +02:00
core Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:53:44 +02:00
db Fixed #32718 -- Relaxed file name validation in FileField. 2021-05-13 08:53:44 +02:00
dispatch Refs #31327 -- Removed providing_args argument for Signal per deprecation timeline. 2021-01-14 17:50:04 +01:00
forms Refs #32738 -- Added sanitize_strftime_format() to replace datetime_safe. 2021-05-12 14:42:17 +02:00
http Fixed #32366 -- Updated datetime module usage to recommended approach. 2021-05-12 11:08:41 +02:00
middleware Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting. 2021-04-30 12:32:52 +02:00
template Refs #24121 -- Added __repr__() to Origin and Template. 2021-03-17 07:49:55 +01:00
templatetags Refs #24121 -- Added__repr__() to StaticNode. 2021-05-12 08:41:52 +02:00
test Fixed #32641 -- Made DiscoverRunner print the number of found tests. 2021-04-15 11:42:46 +02:00
urls Refs #32260 -- Made admindocs and technical 404 debug page use view_func.view_class. 2021-03-30 06:51:27 +02:00
utils Fixed #32717 -- Fixed filtering of querysets combined with the | operator. 2021-05-13 07:26:52 +02:00
views Fixed #32366 -- Updated datetime module usage to recommended approach. 2021-05-12 11:08:41 +02:00
__init__.py Bumped version; master is now 4.0 pre-alpha. 2021-01-14 17:50:04 +01:00
__main__.py Fixed #24857 -- Added "python -m django" entry point. 2015-09-07 19:54:32 -04:00
shortcuts.py Made small readability improvements. 2020-10-28 20:20:20 +01:00