Fixed #21033 -- Fixed uploaded filenames not always being truncated t…

…o 255 characters
commit 7008ed61c519f93a9b6c5c547ad718ad2deb959b 1 parent d6e222f
homm authored September 04, 2013 bmispelon committed September 10, 2013
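--- a/django/core/files/uploadedfile.py
+++ b/django/core/files/uploadedfile.py
@@ -46,6 +46,7 @@ def _set_name(self, name):
             # File names longer than 255 characters can cause problems on older OSes.
             if len(name) > 255:
                 name, ext = os.path.splitext(name)
+                ext = ext[:255]
                 name = name[:255 - len(ext)] + ext
 
         self._name = name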
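Review bot: The `len(name) > 255` guard and the new `ext = ext[:255]` both count characters, while many filesystems cap a path component at 255 bytes, so a name made of multi-byte characters can pass this check and still be too long once encoded. If `name` is a text string at this point (the caller is not visible here), either truncate on the encoded length or document the limit, for example `# NOTE: limit is in characters; a non-ASCII name may still exceed 255 bytes on disk`. The storage layer may shorten the name again, but nothing in this hunk shows that. `_set_name` starts above the hunk.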
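--- a/tests/file_uploads/tests.py
+++ b/tests/file_uploads/tests.py
@@ -167,16 +167,26 @@ def test_dangerous_file_names(self):
 
     def test_filename_overflow(self):
         """File names over 256 characters (dangerous on some platforms) get fixed up."""
-        name = "%s.txt" % ("f"*500)
-        payload = client.FakePayload("\r\n".join([
-            '--' + client.BOUNDARY,
-            'Content-Disposition: form-data; name="file"; filename="%s"' % name,
-            'Content-Type: application/octet-stream',
-            '',
-            'Oops.'
-            '--' + client.BOUNDARY + '--',
-            '',
-        ]))
+        long_str = 'f' * 300
+        cases = [
+            # field name, filename, expected
+            ('long_filename', '%s.txt' % long_str, '%s.txt' % long_str[:251]),
+            ('long_extension', 'foo.%s' % long_str, '.%s' % long_str[:254]),
+            ('no_extension', long_str, long_str[:255]),
+            ('no_filename', '.%s' % long_str, '.%s' % long_str[:254]),
+            ('long_everything', '%s.%s' % (long_str, long_str), '.%s' % long_str[:254]),
+        ]
+        payload = client.FakePayload()
+        for name, filename, _ in cases:
+            payload.write("\r\n".join([
+                '--' + client.BOUNDARY,
+                'Content-Disposition: form-data; name="{0}"; filename="{1}"',
+                'Content-Type: application/octet-stream',
+                '',
+                'Oops.',
+                ''
+            ]).format(name, filename))
+        payload.write('\r\n--' + client.BOUNDARY + '--\r\n')
         r = {
             'CONTENT_LENGTH': len(payload),
             'CONTENT_TYPE':   client.MULTIPART_CONTENT,
@@ -184,8 +194,12 @@ def test_filename_overflow(self):
             'REQUEST_METHOD': 'POST',
             'wsgi.input':     payload,
         }
-        got = json.loads(self.client.request(**r).content.decode('utf-8'))
-        self.assertTrue(len(got['file']) < 256, "Got a long file name (%s characters)." % len(got['file']))
+        result = json.loads(self.client.request(**r).content.decode('utf-8'))
+        for name, _, expected in cases:
+            got = result[name]
+            self.assertEqual(expected, got, 'Mismatch for {0}'.format(name))
+            self.assertTrue(len(got) < 256,
+                            "Got a long file name (%s characters)." % len(got))
 
     def test_content_type_extra(self):
         """Uploaded files may have content type parameters available."""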
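Review bot: Every row in `cases` is built from the 300-character `long_str`, so nothing in `test_filename_overflow` pins the `len(name) > 255` threshold itself. Two more rows would cover it: `('at_limit', 'f' * 255, 'f' * 255),` for a name that must come back unchanged, and `('just_over', 'f' * 256, 'f' * 255),` for the shortest name that must be cut. The view that echoes the names back is not on this page, so these expected values assume it returns the uploaded file's name as is.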
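--- a/tests/files/tests.py
+++ b/tests/files/tests.py
@@ -132,7 +132,6 @@ def test_stringio(self):
             self.assertEqual(f.read(), b'content')
 
 
-
 class FileTests(unittest.TestCase):
     def test_context_manager(self):
         orig_file = tempfile.TemporaryFile()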
