Ticket #18150: updated patch.diff

File updated patch.diff, 1.6 KB (added by supersteve9219, 12 years ago)

updated patch file

  • django/core/files/uploadedfile.py 

    diff --git a/django/core/files/uploadedfile.py b/django/core/files/uploadedfile.py
index 39b99ff..8341ade 100644
    a b class UploadedFile(File):  
    3939    def _set_name(self, name):
    4040        # Sanitize the file name so that it can't be dangerous.
    4141        if name is not None:
    42             # Just use the basename of the file -- anything else is dangerous.
    43             name = os.path.basename(name)
    44 
     42            # Just use the basename of the file -- anything else is dangerous. If ends with backslash replaces it with "0" to prevent empty string name.
     43            if name[-1] != "\\":
     44                name = os.path.basename(name)
     45            else:
     46                name = name[:-1] + "0"
     47                name = os.path.basename(name)
    4548            # File names longer than 255 characters can cause problems on older OSes.
    4649            if len(name) > 255:
    4750                name, ext = os.path.splitext(name)

  • django/http/multipartparser.py 

    diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
index 070874f..509e8ec 100644
    a b class MultiPartParser(object):  
    173173                    if not file_name:
    174174                        continue
    175175                    file_name = force_text(file_name, encoding, errors='replace')
    176                     file_name = self.IE_sanitize(unescape_entities(file_name))
     176                    file_name = unescape_entities(file_name)
    177177
    178178                    content_type = meta_data.get('content-type', ('',))[0].strip()
    179179                    try:
Back to Top