Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #21033 -- Fixed uploaded filenames not always being truncated t…

…o 255 characters
  • Loading branch information...
commit 7008ed61c519f93a9b6c5c547ad718ad2deb959b 1 parent d6e222f
@homm homm authored bmispelon committed
View
1  django/core/files/uploadedfile.py
@@ -46,6 +46,7 @@ def _set_name(self, name):
# File names longer than 255 characters can cause problems on older OSes.
if len(name) > 255:
name, ext = os.path.splitext(name)
+ ext = ext[:255]
name = name[:255 - len(ext)] + ext
self._name = name
View
38 tests/file_uploads/tests.py
@@ -167,16 +167,26 @@ def test_dangerous_file_names(self):
def test_filename_overflow(self):
"""File names over 256 characters (dangerous on some platforms) get fixed up."""
- name = "%s.txt" % ("f"*500)
- payload = client.FakePayload("\r\n".join([
- '--' + client.BOUNDARY,
- 'Content-Disposition: form-data; name="file"; filename="%s"' % name,
- 'Content-Type: application/octet-stream',
- '',
- 'Oops.'
- '--' + client.BOUNDARY + '--',
- '',
- ]))
+ long_str = 'f' * 300
+ cases = [
+ # field name, filename, expected
+ ('long_filename', '%s.txt' % long_str, '%s.txt' % long_str[:251]),
+ ('long_extension', 'foo.%s' % long_str, '.%s' % long_str[:254]),
+ ('no_extension', long_str, long_str[:255]),
+ ('no_filename', '.%s' % long_str, '.%s' % long_str[:254]),
+ ('long_everything', '%s.%s' % (long_str, long_str), '.%s' % long_str[:254]),
+ ]
+ payload = client.FakePayload()
+ for name, filename, _ in cases:
+ payload.write("\r\n".join([
+ '--' + client.BOUNDARY,
+ 'Content-Disposition: form-data; name="{0}"; filename="{1}"',
+ 'Content-Type: application/octet-stream',
+ '',
+ 'Oops.',
+ ''
+ ]).format(name, filename))
+ payload.write('\r\n--' + client.BOUNDARY + '--\r\n')
r = {
'CONTENT_LENGTH': len(payload),
'CONTENT_TYPE': client.MULTIPART_CONTENT,
@@ -184,8 +194,12 @@ def test_filename_overflow(self):
'REQUEST_METHOD': 'POST',
'wsgi.input': payload,
}
- got = json.loads(self.client.request(**r).content.decode('utf-8'))
- self.assertTrue(len(got['file']) < 256, "Got a long file name (%s characters)." % len(got['file']))
+ result = json.loads(self.client.request(**r).content.decode('utf-8'))
+ for name, _, expected in cases:
+ got = result[name]
+ self.assertEqual(expected, got, 'Mismatch for {0}'.format(name))
+ self.assertTrue(len(got) < 256,
+ "Got a long file name (%s characters)." % len(got))
def test_content_type_extra(self):
"""Uploaded files may have content type parameters available."""
View
1  tests/files/tests.py
@@ -132,7 +132,6 @@ def test_stringio(self):
self.assertEqual(f.read(), b'content')
-
class FileTests(unittest.TestCase):
def test_context_manager(self):
orig_file = tempfile.TemporaryFile()
Please sign in to comment.
Something went wrong with that request. Please try again.