Opened 13 years ago
Last modified 13 years ago
#15879 new Bug
multipart/form-data filename="" not handled as file
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | File uploads/storage | Version: | 1.3 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | yes | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
Django does not parse file uploads with empty filename as file objects in multipart/form-data requests.
This happens currently if you try to upload a Blob in Firefox 4 (https://bugzilla.mozilla.org/show_bug.cgi?id=649150)
Firefox sends this:
Content-Disposition: form-data; name="fieldname"; filename="" Content-Type: content/type DATA
Reading the related RFCs there is no mention that filename="" is not allowed and the existence of the filename parameter should be enough to treat it as a file.
looking at django/http/multipartparser.py
165ff
file_name = disposition.get('filename')
if not file_name:
continue
this would need to set a default filename instead of bailing out
(i.e. if file_name == : file_name = 'data.bin)
590:
if params.get('filename'):
this would need to check
if 'filename' in params:
Attachments (2)
Change History (4)
by , 13 years ago
| Attachment: | multipart_file_with_emptry_string_name.patch added |
|---|
comment:1 by , 13 years ago
| Has patch: | set |
|---|---|
| Needs tests: | set |
| Patch needs improvement: | set |
| Triage Stage: | Unreviewed → Accepted |
Patch doesn't look quite right, based on the description - if there is no filename parameter it would be None, and the current code would skip it (continue) but the new could would not.
by , 13 years ago
| Attachment: | multipart_file_with_emptry_string_name.2.patch added |
|---|
skip file creation if filename is not set
setting file_name to None instead of default value also works. with this patch django is able to handle Blob FormData send by Firefox 4.0