
- FileUploadWidget now sanitizes IE/Windows whole-path filenames before

  passing them back to the caller during deserialization/validation.

- Add docs and dev setup.py aliases ala Pyramid.
1 parent 758e4af commit 288abdcfc1a14fc1fd21d116f7e391da83cbed84 @mcdonc mcdonc committed Apr 23, 2012
Showing with 38 additions and 2 deletions.
  1. +7 −1 CHANGES.txt
  2. +16 −0 deform/tests/test_widget.py
  3. +4 −1 deform/widget.py
  4. +4 −0 setup.cfg
  5. +7 −0 setup.py
8 CHANGES.txt
@@ -8,7 +8,13 @@ Next release
- Modified Russian translation thanks to aleksandr.rakov
-- Date(Time)Widget supports now options to configure it, thx to gaston tjebbes, kiorky
+- Date(Time)Widget supports now options to configure it, thx to gaston
+ tjebbes, kiorky
+
+- FileUploadWidget now sanitizes IE/Windows whole-path filenames before
+ passing them back to the caller during deserialization/validation.
+
+- Add docs and dev setup.py aliases ala Pyramid.
0.9.4 (2012-02-14)
------------------
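--- a/deform/tests/test_widget.py
+++ b/deform/tests/test_widget.py
@@ -903,6 +903,22 @@ def test_deserialize_file_selected_with_previous_file(self):
 self.assertEqual(result['preview_url'], 'preview_url')
 self.assertEqual(tmpstore['uid'], result)
+ def test_deserialize_file_selected_with_previous_file_IE_whole_path(self):
+ schema = DummySchema()
+ field = DummyField(schema)
+ upload = DummyUpload()
+ upload.filename = r'c:\foo\bar\baz.pt'
+ tmpstore = DummyTmpStore()
+ widget = self._makeOne(tmpstore)
+ result = widget.deserialize(field, {'upload':upload, 'uid':'uid'})
+ self.assertEqual(result['uid'], 'uid')
+ self.assertEqual(result['fp'], 'fp')
+ self.assertEqual(result['filename'], 'baz.pt')
+ self.assertEqual(result['mimetype'], 'mimetype')
+ self.assertEqual(result['size'], 'size')
+ self.assertEqual(result['preview_url'], 'preview_url')
+ self.assertEqual(tmpstore['uid'], result)
+
 class TestDatePartsWidget(unittest.TestCase):
 def _makeOne(self, **kw):
 from deform.widget import DatePartsWidget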
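Review bot: Only the backslash-path input is pinned by `test_deserialize_file_selected_with_previous_file_IE_whole_path`; nothing added here exercises a name with no separator, where `rfind` in the widget returns -1 and the slice keeps the whole string only because `-1 + 1` is 0, nor the trailing `.strip()`. I would add sibling cases using `upload.filename = 'baz.pt'` and `upload.filename = r'c:\foo\bar\baz.pt '`, both expecting `'baz.pt'`, so a later rewrite of the slice cannot silently change either behaviour. The enclosing test class starts outside this hunk, so an existing case may already cover the plain-name input; that is worth confirming.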
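--- a/deform/widget.py
+++ b/deform/widget.py
@@ -1141,7 +1141,10 @@ def deserialize(self, field, pstruct):
 # the upload control had a file selected
 data = filedict()
 data['fp'] = upload.file
- data['filename'] = upload.filename
+ filename = upload.filename
+ # sanitize IE whole-path filenames
+ filename = filename[filename.rfind('\\')+1:].strip()
+ data['filename'] = filename
 data['mimetype'] = upload.type
 data['size'] = upload.length
 if uid is None: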
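Review bot: The slice on `filename.rfind('\\')` removes only backslash-delimited prefixes, so a client-supplied name that contains forward slashes or `..` segments still reaches `data['filename']` unchanged, and the "sanitize" comment promises more than the code delivers. Splitting on both separators closes that gap in one line: `filename = filename.replace('\\', '/').rsplit('/', 1)[-1].strip()`. The result can also be empty (a name ending in a separator) or a bare `..`, so the comment should say that the value is still client-controlled and is meant for display, not for building a storage path, for example `# strip directory components; the name is still untrusted client input`. Whether `upload.filename` can be `None` at this point is not visible here, and `deserialize` continues outside the hunk.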
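--- a/setup.cfg
+++ b/setup.cfg
@@ -9,6 +9,10 @@ cover-package=deform
 cover-erase=1
 exclude=test_demo
+[aliases]
+dev = develop easy_install deform[testing]
+docs = develop easy_install deform[docs]
+
 [compile_catalog]
 directory = deform/locale
 domain = deform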
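--- a/setup.py
+++ b/setup.py
@@ -35,6 +35,9 @@
 'translationstring',
 ]
+testing_extras = ['nose', 'coverage']
+docs_extras = ['Sphinx']
+
 setupkw = dict(
 name='deform',
 version='0.9.4',
@@ -61,6 +64,10 @@
 tests_require=requires + ['beautifulsoup4'],
 install_requires=requires,
 test_suite="deform",
+ extras_require = {
+ 'testing':testing_extras,
+ 'docs':docs_extras,
+ },
 )
 # to update catalogs, use babel and lingua !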
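Review bot: `testing_extras = ['nose', 'coverage']` leaves out `beautifulsoup4`, which `tests_require` in the second hunk of this section still adds, so an environment built through the new `testing` extra (and the `dev` alias in setup.cfg) may not be able to run the suite. Listing it in one place would keep the two in step: `testing_extras = ['nose', 'coverage', 'beautifulsoup4']`. Separately, all three extras are unversioned and the aliases install them through easy_install, so every run resolves whatever release is current on the index; version bounds on the extras would make the dev and docs environments reproducible and limit exposure to an unexpected upstream release. The middle of the `setupkw` call lies between the two hunks and is not visible here.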
