Opened 5 years ago

Closed 3 years ago

#13314 closed Bug (duplicate)

"FileField" validation does not account for "upload_to" when counting characters

Reported by: denilsonsa Owned by: nobody
Component: Forms Version: 1.1
Severity: Normal Keywords:
Cc: lrekucki Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I have a model with a FileField object:

def set_file (instance, filename):
    return os.path.join("uploaded_files/my_obj_%d" % instance.my_obj_id, os.path.basename(filename))

class MyModel(models.Model):
    my_file = models.FileField(upload_to=set_file, null=True)

And I have a view that receives the POST and handles it to a trivial forms.ModelForm object. In that view I check for .is_valid().

Since the FileField creates a 100-char column at the database, any filename greater than 100 chars will be rejected, and the form instance will have a nice error message talking about this.

However, this comparison is broken, because the actual data stored at the database won't be the filename, but instead the return value of the "upload_to" callable. This returned value, in my case, has more characters than the actual filename.

Thus, in this case, filenames between 75 and 100 characters will be accepted by the form validation, but will be rejected by the database when the actual .save() occurs.

I'm not very sure about what is the best solution, but the forms.fields.FileField shouldn't rely just on the max_length parameter when validating the input.

Change History (6)

comment:1 Changed 5 years ago by russellm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 5 years ago by dominicrodger

  • Summary changed from "FIleField" validation does not account for "upload_to" when counting characters to "FileField" validation does not account for "upload_to" when counting characters

comment:3 Changed 5 years ago by lrekucki

  • Cc lrekucki added

I just go bitten by this. I'm not sure about how to fix this properly. Checking it at forms.FileField works as long as you are using ModelForms. IMHO, the FileField itself should reject names that exceed max_length after being processed by upload_to.

Maybe we should also pass max_length as an argument to upload_to, so the user could handle this (with hashing for example). Either way, a custom exception would be much better than leaving it to the DB layer which yields a DatabaseError (and it would show up on sqlite, so people can catch this earlier).

comment:4 Changed 4 years ago by julien

  • Severity set to Normal
  • Type set to Bug

comment:5 Changed 4 years ago by thejaswi_puthraya

  • Component changed from Uncategorized to Forms
  • Easy pickings unset
  • UI/UX unset

comment:6 Changed 3 years ago by claudep

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #9893.

Note: See TracTickets for help on using tickets.
Back to Top