Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #7658 -- Added some Windows-specific tempfile handling. The sta…

…ndard

stuff doesn't work with the way Django's file uploading code wants to operate.
Patch from Mike Axiak.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8096 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 103d484807050c00d02641aa04670cea8d0e68a4 1 parent e29aece
@malcolmt malcolmt authored
View
58 django/core/files/temp.py
@@ -0,0 +1,58 @@
+"""
+The temp module provides a NamedTemporaryFile that can be re-opened on any
+platform. Most platforms use the standard Python tempfile.TemporaryFile class,
+but MS Windows users are given a custom class.
+
+This is needed because in Windows NT, the default implementation of
+NamedTemporaryFile uses the O_TEMPORARY flag, and thus cannot be reopened [1].
+
+1: http://mail.python.org/pipermail/python-list/2005-December/359474.html
+"""
+
+import os
+import tempfile
+
+__all__ = ('NamedTemporaryFile', 'gettempdir',)
+
+if os.name == 'nt':
+ class TemporaryFile(object):
+ """
+ Temporary file object constructor that works in Windows and supports
+ reopening of the temporary file in windows.
+ """
+ def __init__(self, mode='w+b', bufsize=-1, suffix='', prefix='',
+ dir=None):
+ fd, name = tempfile.mkstemp(suffix=suffix, prefix=prefix,
+ dir=dir)
+ self.name = name
+ self._file = os.fdopen(fd, mode, bufsize)
+
+ def __del__(self):
+ try:
+ self._file.close()
+ except (OSError, IOError):
+ pass
+ try:
+ os.unlink(self.name)
+ except (OSError):
+ pass
+
+ try:
+ super(TemporaryFile, self).__del__()
+ except AttributeError:
+ pass
+
+
+ def read(self, *args): return self._file.read(*args)
+ def seek(self, offset): return self._file.seek(offset)
+ def write(self, s): return self._file.write(s)
+ def close(self): return self._file.close()
+ def __iter__(self): return iter(self._file)
+ def readlines(self, size=None): return self._file.readlines(size)
+ def xreadlines(self): return self._file.xreadlines()
+
+ NamedTemporaryFile = TemporaryFile
+else:
+ NamedTemporaryFile = tempfile.NamedTemporaryFile
+
+gettempdir = tempfile.gettempdir
View
3  django/core/files/uploadedfile.py
@@ -3,7 +3,6 @@
"""
import os
-import tempfile
import warnings
try:
from cStringIO import StringIO
@@ -12,6 +11,8 @@
from django.conf import settings
+from django.core.files import temp as tempfile
+
__all__ = ('UploadedFile', 'TemporaryUploadedFile', 'InMemoryUploadedFile', 'SimpleUploadedFile')
# Because we fooled around with it a bunch, UploadedFile has a bunch
View
28 tests/regressiontests/file_uploads/tests.py
@@ -2,9 +2,9 @@
import errno
import sha
import shutil
-import tempfile
import unittest
+from django.core.files import temp as tempfile
from django.core.files.uploadedfile import SimpleUploadedFile
from django.test import TestCase, client
from django.utils import simplejson
@@ -22,7 +22,7 @@ def test_simple_upload(self):
def test_large_upload(self):
tdir = tempfile.gettempdir()
-
+
file1 = tempfile.NamedTemporaryFile(suffix=".file1", dir=tdir)
file1.write('a' * (2 ** 21))
file1.seek(0)
@@ -58,11 +58,11 @@ def test_large_upload(self):
pass
self.assertEqual(response.status_code, 200)
-
+
def test_dangerous_file_names(self):
"""Uploaded file names should be sanitized before ever reaching the view."""
# This test simulates possible directory traversal attacks by a
- # malicious uploader We have to do some monkeybusiness here to construct
+ # malicious uploader We have to do some monkeybusiness here to construct
# a malicious payload with an invalid file name (containing os.sep or
# os.pardir). This similar to what an attacker would need to do when
# trying such an attack.
@@ -79,7 +79,7 @@ def test_dangerous_file_names(self):
"..\\..\\hax0rd.txt", # Relative path, win-style.
"../..\\hax0rd.txt" # Relative path, mixed.
]
-
+
payload = []
for i, name in enumerate(scary_file_names):
payload.extend([
@@ -93,7 +93,7 @@ def test_dangerous_file_names(self):
'--' + client.BOUNDARY + '--',
'',
])
-
+
payload = "\r\n".join(payload)
r = {
'CONTENT_LENGTH': len(payload),
@@ -109,7 +109,7 @@ def test_dangerous_file_names(self):
for i, name in enumerate(scary_file_names):
got = recieved["file%s" % i]
self.assertEqual(got, "hax0rd.txt")
-
+
def test_filename_overflow(self):
"""File names over 256 characters (dangerous on some platforms) get fixed up."""
name = "%s.txt" % ("f"*500)
@@ -131,26 +131,26 @@ def test_filename_overflow(self):
}
got = simplejson.loads(self.client.request(**r).content)
self.assert_(len(got['file']) < 256, "Got a long file name (%s characters)." % len(got['file']))
-
+
def test_custom_upload_handler(self):
- # A small file (under the 5M quota)
+ # A small file (under the 5M quota)
smallfile = tempfile.NamedTemporaryFile()
smallfile.write('a' * (2 ** 21))
# A big file (over the quota)
bigfile = tempfile.NamedTemporaryFile()
bigfile.write('a' * (10 * 2 ** 20))
-
+
# Small file posting should work.
response = self.client.post('/file_uploads/quota/', {'f': open(smallfile.name)})
got = simplejson.loads(response.content)
self.assert_('f' in got)
-
+
# Large files don't go through.
response = self.client.post("/file_uploads/quota/", {'f': open(bigfile.name)})
got = simplejson.loads(response.content)
self.assert_('f' not in got)
-
+
def test_broken_custom_upload_handler(self):
f = tempfile.NamedTemporaryFile()
f.write('a' * (2 ** 21))
@@ -189,7 +189,7 @@ def test_fileupload_getlist(self):
class DirectoryCreationTests(unittest.TestCase):
"""
- Tests for error handling during directory creation
+ Tests for error handling during directory creation
via _save_FIELD_file (ticket #6450)
"""
def setUp(self):
@@ -221,7 +221,7 @@ def test_not_a_directory(self):
except IOError, err:
# The test needs to be done on a specific string as IOError
# is raised even without the patch (just not early enough)
- self.assertEquals(err.args[0],
+ self.assertEquals(err.args[0],
"%s exists and is not a directory" % UPLOAD_TO)
except:
self.fail("IOError not raised")
Please sign in to comment.
Something went wrong with that request. Please try again.