Context Navigation

← Previous Ticket
Next Ticket →

#26325 closed Bug (fixed)

File upload crashes when presented with filename ending with a backslash

Reported by:	jmb202	Owned by:	nobody
Component:	File uploads/storage	Version:	1.8
Severity:	Normal	Keywords:
Cc:		Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

The multipart parser in Django 1.8.10 will crash if the following conditions are met:

the total POST body is small enough to cause the MemoryFileUploadHandler to be active
the name of the file provided in the multipart header ends with a backslash

The following traceback is obtained:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 125, in get_response
  File "/usr/lib/python2.7/dist-packages/django/middleware/csrf.py", line 170, in process_view
    request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
  File "/usr/lib/python2.7/dist-packages/django/core/handlers/wsgi.py", line 146, in _get_post
    self._load_post_and_files()
  File "/usr/lib/python2.7/dist-packages/django/http/request.py", line 215, in _load_post_and_files
    self._post, self._files = self.parse_file_upload(self.META, data)
  File "/usr/lib/python2.7/dist-packages/django/http/request.py", line 180, in parse_file_upload
    return parser.parse()
  File "/usr/lib/python2.7/dist-packages/django/http/multipartparser.py", line 145, in parse
    self.handle_file_complete(old_field_name, counters)
  File "/usr/lib/python2.7/dist-packages/django/http/multipartparser.py", line 255, in handle_file_complete
    file_obj = handler.file_complete(counters[i])
  File "/usr/lib/python2.7/dist-packages/django/core/files/uploadhandler.py", line 141, in file_complete
    self.file.seek(0)
AttributeError: 'TemporaryFileUploadHandler' object has no attribute 'file'

I have attached a patch containing a proposed fix and regression test.