Add file upload management #30

Merged
merged 1 commit into from Sep 1, 2012

Conversation

Projects
None yet
3 participants
@atiberghien

Hi,

I don't really realize if it could be a problem to deal with file attachment but in my case I have to extend contact form with a upload field in order to attach it in the sent mail.

Cheers

Alban

maccesch added a commit that referenced this pull request Sep 1, 2012

Merge pull request #30 from atiberghien/master
Add file upload management

@maccesch maccesch merged commit ad69dda into maccesch:master Sep 1, 2012

@maccesch

This comment has been minimized.

Show comment Hide comment
@maccesch

maccesch Sep 1, 2012

Owner

Thanks!

Owner

maccesch commented Sep 1, 2012

Thanks!

@@ -116,7 +119,7 @@ def render(self, context, instance, placeholder):
form = self.create_form(instance, request)
if request.method == "POST" and form.is_valid():
- self.send(form, instance.site_email)
+ self.send(form, instance.site_email, attachments=request.FILES)

This comment has been minimized.

Show comment Hide comment
@mitar

mitar Oct 14, 2012

This is not good. You are passing files even if form had no fields for them! So somebody can add attachments even when form has no support for them. This could lead to some security issues (there are also no checks on attachment size).

form instance should be enough for attachments. If files were attached, they can be found in corresponding FileField.

@mitar

mitar Oct 14, 2012

This is not good. You are passing files even if form had no fields for them! So somebody can add attachments even when form has no support for them. This could lead to some security issues (there are also no checks on attachment size).

form instance should be enough for attachments. If files were attached, they can be found in corresponding FileField.

This comment has been minimized.

Show comment Hide comment
@maccesch

maccesch Oct 14, 2012

Owner

You're right as you said in #32. I haven't gotten around to fix this yet. But if you want you can do it too.

@maccesch

maccesch Oct 14, 2012

Owner

You're right as you said in #32. I haven't gotten around to fix this yet. But if you want you can do it too.

This comment has been minimized.

Show comment Hide comment
@mitar

mitar Oct 14, 2012

Oh, forgot about that. I was just going through some old e-mails. :-)

@mitar

mitar Oct 14, 2012

Oh, forgot about that. I was just going through some old e-mails. :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment