Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mariusz
 Type:   |  Felisiak 
  Cleanup/optimization   |   Status:  closed
Component:  Documentation|  Version:  dev
 Severity:  Normal   |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Comment (by Natalia Bidart):

 Related PR with docs clarifications:
 https://github.com/django/django/pull/18044
 Merged in ba4ffdc8771c2f38cf6de26a2b82bbceea2b933a
-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018eaf1bf386-3079e009-d3f0-4e9b-8706-a8d87ac4521c-00%40eu-central-1.amazonses.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mariusz
 Type:   |  Felisiak 
  Cleanup/optimization   |   Status:  closed
Component:  Documentation|  Version:  dev
 Severity:  Normal   |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Mariusz Felisiak ):

 In [changeset:"eed53d0011622e70b936e203005f0e6f4ac48965" eed53d0]:
 {{{
 #!CommitTicketReference repository=""
 revision="eed53d0011622e70b936e203005f0e6f4ac48965"
 [3.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass
 of validation when uploading multiple files using one form field.

 Thanks Moataz Al-Sharida and nawaik for reports.

 Co-authored-by: Shai Berger 
 Co-authored-by: nessita <124304+ness...@users.noreply.github.com>
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070187e1b3c9ed-fb7006f0-276d-4a9d-b57d-f323010974cb-00%40eu-central-1.amazonses.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mariusz
 Type:   |  Felisiak 
  Cleanup/optimization   |   Status:  closed
Component:  Documentation|  Version:  dev
 Severity:  Normal   |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Mariusz Felisiak ):

 In [changeset:"e7c3a2ccc3a562328600be05068ed9149e12ce64" e7c3a2c]:
 {{{
 #!CommitTicketReference repository=""
 revision="e7c3a2ccc3a562328600be05068ed9149e12ce64"
 [4.1.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass
 of validation when uploading multiple files using one form field.

 Thanks Moataz Al-Sharida and nawaik for reports.

 Co-authored-by: Shai Berger 
 Co-authored-by: nessita <124304+ness...@users.noreply.github.com>
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070187e1b3a9d8-015ab44a-500b-4ac5-9613-bd1608b3c614-00%40eu-central-1.amazonses.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mariusz
 Type:   |  Felisiak 
  Cleanup/optimization   |   Status:  closed
Component:  Documentation|  Version:  dev
 Severity:  Normal   |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Mariusz Felisiak ):

 In [changeset:"21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd" 21b1b1fc]:
 {{{
 #!CommitTicketReference repository=""
 revision="21b1b1fc03e5f9e9f8c977ee6e35618dd3b353dd"
 [4.2.x] Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass
 of validation when uploading multiple files using one form field.

 Thanks Moataz Al-Sharida and nawaik for reports.

 Co-authored-by: Shai Berger 
 Co-authored-by: nessita <124304+ness...@users.noreply.github.com>
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070187e1b379a0-17b2bf5f-c8c4-4510-a914-24c5082242ba-00%40eu-central-1.amazonses.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mariusz
 Type:   |  Felisiak 
  Cleanup/optimization   |   Status:  closed
Component:  Documentation|  Version:  dev
 Severity:  Normal   |   Resolution:  fixed
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Mariusz Felisiak ):

 * owner:  (none) => Mariusz Felisiak 
 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"fb4c55d9ec4bb812a7fb91fa20510d91645e411b" fb4c55d]:
 {{{
 #!CommitTicketReference repository=""
 revision="fb4c55d9ec4bb812a7fb91fa20510d91645e411b"
 Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of
 validation when uploading multiple files using one form field.

 Thanks Moataz Al-Sharida and nawaik for reports.

 Co-authored-by: Shai Berger 
 Co-authored-by: nessita <124304+ness...@users.noreply.github.com>
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070187e1b30c5b-551c0911-e11c-4eac-9e81-11df571fc645-00%40eu-central-1.amazonses.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
--+
 Reporter:  nawaik|Owner:  (none)
 Type:  Cleanup/optimization  |   Status:  new
Component:  Documentation |  Version:  dev
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by Claude Paroz):

 * owner:  Mahanth kumar => (none)
 * status:  assigned => new


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018225bf8869-69d6b23f-9aad-4f9e-acb0-c2620e699d46-00%40eu-central-1.amazonses.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mahanth
 Type:   |  kumar
  Cleanup/optimization   |   Status:  assigned
Component:  Documentation|  Version:  dev
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by jaspercram):

 When I add a validator to the image form (using something like
 https://gist.github.com/mobula/da99e4db843b9ceb3a3f ), only the first
 image gets validated. I assume that is another consequence of the problem
 described above. This way, it is not possible to check if the uploaded
 images are not too big. For a developer who is using validators for multi
 image uploads, it is hard to detect that the code doesn't behave as
 expected.
 Shouldn't this be reclassified as a bug?

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.8617a33f7694d76ecae5f32a1a2c5b25%40djangoproject.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mahanth
 Type:   |  kumar
  Cleanup/optimization   |   Status:  assigned
Component:  Documentation|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by simonbru):

 * cc: simonbru (added)


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.80261e24f381d0b6aa84af8c6d041a35%40djangoproject.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mahanth
 Type:   |  kumar
  Cleanup/optimization   |   Status:  assigned
Component:  Documentation|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-

Comment (by Mahanth kumar):

 Replying to [comment:3 felixxm]:
 > [https://docs.djangoproject.com/en/3.0/topics/http/file-uploads
 /#uploading-multiple-files Uploading multiple files] contains only a
 simple example how you can handle multiple files, it will validate only
 the first file. It's not a bug in `ImageField` because it doesn't support
 uploading multiple files.
 >
 > I agree that we we could improve this example (`forms.py`) with adding
 all files validation.
 I''m thinking to add a note under the example regarding the all files
 validation,Is that Okay?
 or how should i improve the forms.py example

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.bc96300116cb4ab5d238ef6c17f37c19%40djangoproject.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example.

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
-+-
 Reporter:  nawaik   |Owner:  Mahanth
 Type:   |  kumar
  Cleanup/optimization   |   Status:  assigned
Component:  Documentation|  Version:  master
 Severity:  Normal   |   Resolution:
 Keywords:   | Triage Stage:  Accepted
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  0|UI/UX:  0
-+-
Changes (by Mahanth kumar):

 * owner:  nobody => Mahanth kumar
 * status:  new => assigned


-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.2ce1d4079374e17d049993d434395de5%40djangoproject.com.

Re: [Django] #31710: Added all files validation to the "Uploading multiple files" example. (was: Multi upload with Imagefield allows non image files to be uploaded)

[Django]

#31710: Added all files validation to the "Uploading multiple files" example.
--+
 Reporter:  nawaik|Owner:  nobody
 Type:  Cleanup/optimization  |   Status:  new
Component:  Documentation |  Version:  master
 Severity:  Normal|   Resolution:
 Keywords:| Triage Stage:  Accepted
Has patch:  0 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  0 |UI/UX:  0
--+
Changes (by felixxm):

 * type:  Bug => Cleanup/optimization
 * component:  File uploads/storage => Documentation
 * stage:  Unreviewed => Accepted


Comment:

 [https://docs.djangoproject.com/en/3.0/topics/http/file-uploads
 /#uploading-multiple-files Uploading multiple files] contains only a
 simple example how you can handle multiple files, it will validate only
 the first file. It's not a bug in `ImageField` because it doesn't support
 uploading multiple files.

 I agree that we we could improve this example (`forms.py`) with adding all
 files validation.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/064.5245a731d65d8ff191ca8504febcebef%40djangoproject.com.