Raise BadRequest if static file name is invalid by chaosagent · Pull Request #1763 · pallets/flask

chaosagent · 2016-04-01T02:53:19Z

Fixes issue #1761

flask/helpers.py

+    try:
+        if not os.path.isfile(filename):
+            raise NotFound()
+    except TypeError:


chaosagent · 2016-04-01T06:25:01Z

Thanks for the tips; I'm kinda new to serious software development ;)

tests/test_helpers.py

+        with app.test_request_context():
+            with pytest.raises(BadRequest):
+                rv = flask.send_from_directory('static', 'bad\x00')
+                rv.close()


untitaker · 2016-04-01T13:12:38Z

LGTM!

@ThiefMaster When merging this, you might want to merge into the 0.10-maintenance branch, and then merge 0.10-maintenance into master, such that we can do a bugfix-release without releasing 1.0. Just make sure you only merge this PRs changes, not all the commits from master.

chaosagent · 2016-04-02T03:52:23Z

Should I squash these commits before merge?

ThiefMaster · 2016-04-02T06:36:22Z

yes, please!

untitaker · 2016-04-02T07:09:34Z

@ThiefMaster https://github.com/blog/2141-squash-your-commits

On 2 April 2016 08:36:37 CEST, Adrian notifications@github.com wrote:

yes, please!

You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#1763 (comment)

Sent from my Android device with K-9 Mail. Please excuse my brevity.

untitaker · 2016-04-02T19:07:35Z

Awesome, thanks!

Raise BadRequest if static file name is invalid

b4dd92d

ThiefMaster reviewed Apr 1, 2016
View reviewed changes

flask/helpers.py Outdated

try:

if not os.path.isfile(filename):

raise NotFound()

except TypeError:

This comment was marked as off-topic.

Sign in to view

Clean up syntax a bit

3353c14

chaosagent force-pushed the issues/1761 branch from 69ecee4 to 3353c14 Compare April 1, 2016 06:27

untitaker assigned ThiefMaster Apr 1, 2016

ThiefMaster reviewed Apr 1, 2016
View reviewed changes

tests/test_helpers.py Outdated

with app.test_request_context():

with pytest.raises(BadRequest):

rv = flask.send_from_directory('static', 'bad\x00')

rv.close()

This comment was marked as off-topic.

Sign in to view

Remove unnecessary close()

4d012cb

untitaker merged commit 9f1be8e into pallets:master Apr 2, 2016

untitaker added a commit that referenced this pull request Apr 2, 2016

Changelog for #1763

bd66710

github-actions bot locked as resolved and limited conversation to collaborators Nov 14, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Raise BadRequest if static file name is invalid#1763

Raise BadRequest if static file name is invalid#1763
untitaker merged 3 commits intopallets:masterfrom
chaosagent:issues/1761

chaosagent commented Apr 1, 2016

Uh oh!

This comment was marked as off-topic.

Uh oh!

chaosagent commented Apr 1, 2016

Uh oh!

This comment was marked as off-topic.

Uh oh!

untitaker commented Apr 1, 2016

Uh oh!

chaosagent commented Apr 2, 2016

Uh oh!

ThiefMaster commented Apr 2, 2016

Uh oh!

untitaker commented Apr 2, 2016

Uh oh!

untitaker commented Apr 2, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

chaosagent commented Apr 1, 2016

Uh oh!

This comment was marked as off-topic.

Uh oh!

chaosagent commented Apr 1, 2016

Uh oh!

This comment was marked as off-topic.

Uh oh!

untitaker commented Apr 1, 2016

Uh oh!

chaosagent commented Apr 2, 2016

Uh oh!

ThiefMaster commented Apr 2, 2016

Uh oh!

untitaker commented Apr 2, 2016

Uh oh!

untitaker commented Apr 2, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants