#32718: Saving a FileField raises SuspiciousFileOperation in some scenarios.
-------------------------------------+-------------------------------------
Reporter: Jakub Kleň | Owner: Mariusz
| Felisiak
Type: Bug | Status: closed
Component: Database layer | Version: 2.2
(models, ORM) |
Severity: Release blocker | Resolution: fixed
Keywords: 3.2.1 file model | Triage Stage: Accepted
filefield fieldfile |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mariusz Felisiak <felisiak.mariusz@…>):
In [changeset:"b7d4a6fa650f97982cf9ca246ddfa623d685487b" b7d4a6fa]:
{{{
#!CommitTicketReference repository=""
revision="b7d4a6fa650f97982cf9ca246ddfa623d685487b"
[3.1.x] Fixed #32718 -- Relaxed file name validation in FileField.
- Validate filename returned by FileField.upload_to() not a filename
passed to the FileField.generate_filename() (upload_to() may
completely ignored passed filename).
- Allow relative paths (without dot segments) in the generated filename.
Thanks to Jakub Kleň for the report and review.
Thanks to all folks for checking this patch on existing projects.
Thanks Florian Apolloner and Markus Holtermann for the discussion and
implementation idea.
Regression in 0b79eb36915d178aef5c6a7bbce71b1e76d376d3.
Backport of b55699968fc9ee985384c64e37f6cc74a0a23683 from main.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/32718#comment:42>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/064.40b4ca08199efb41fec9db78297b2b75%40djangoproject.com.
