Opened 14 years ago
Last modified 14 years ago
#15879 new Bug
multipart/form-data filename="" not handled as file
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | File uploads/storage | Version: | 1.3 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | yes | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
Django does not parse file uploads with empty filename as file objects in multipart/form-data requests.
This happens currently if you try to upload a Blob in Firefox 4 (https://bugzilla.mozilla.org/show_bug.cgi?id=649150)
Firefox sends this:
Content-Disposition: form-data; name="fieldname"; filename="" Content-Type: content/type DATA
Reading the related RFCs there is no mention that filename="" is not allowed and the existence of the filename parameter should be enough to treat it as a file.
looking at django/http/multipartparser.py
165ff
file_name = disposition.get('filename') if not file_name: continue
this would need to set a default filename instead of bailing out
(i.e. if file_name == : file_name = 'data.bin)
590:
if params.get('filename'):
this would need to check
if 'filename' in params:
Attachments (2)
Change History (4)
by , 14 years ago
Attachment: | multipart_file_with_emptry_string_name.patch added |
---|
comment:1 by , 14 years ago
Has patch: | set |
---|---|
Needs tests: | set |
Patch needs improvement: | set |
Triage Stage: | Unreviewed → Accepted |
Patch doesn't look quite right, based on the description - if there is no filename parameter it would be None, and the current code would skip it (continue) but the new could would not.
by , 14 years ago
Attachment: | multipart_file_with_emptry_string_name.2.patch added |
---|
skip file creation if filename is not set
setting file_name to None instead of default value also works. with this patch django is able to handle Blob FormData send by Firefox 4.0