
0001-assets-check-file-extension-on-overwrite-30897.patch

Lauréline Guérin, 15 octobre 2019 10:46


Subject: [PATCH] assets: check file extension on overwrite (#30897)

 combo/apps/assets/views.py | 11 +++++++++++
 tests/test_manager.py      | 16 +++++++++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
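--- a/combo/apps/assets/views.py
+++ b/combo/apps/assets/views.py
@@ -174,6 +174,17 @@
             raise PermissionDenied()
 
         upload = self.request.FILES['upload']
+
+        # check that the new file and the original have the same extension
+        ext_orig = os.path.splitext(img_orig)[1].lower()
+        ext_upload = os.path.splitext(upload.name)[1].lower()
+        if ext_orig != ext_upload:
+            messages.error(
+                self.request,
+                _('You have to upload a file with the same extension (%(ext)s)')
+                % {'ext': ext_orig})
+            return super(AssetOverwrite, self).form_valid(form)
+
         default_storage.delete(img_orig)
         if getattr(settings, 'CKEDITOR_IMAGE_BACKEND', None):
             thumb = ckeditor.utils.get_thumb_filename(img_orig)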
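Review bot: The comparison on new lines 179-181 looks only at `upload.name`, which the client supplies, so it keeps the stored file's extension stable but does not check that the uploaded bytes are of that type. If assets are later served or thumbnailed according to their extension (the thumbnail handling just below suggests images are processed), a content check before `default_storage.delete(img_orig)` would be needed to cover that case. The rejection path also returns `super(AssetOverwrite, self).form_valid(form)`, so a refused upload follows the success redirect; `form.add_error('upload', ...)` followed by `return self.form_invalid(form)` would keep the failure on the form. At minimum I would extend the comment to `# check that the new file and the original have the same extension (name only; content is not inspected)`. The enclosing method starts and ends outside the hunk.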
tests/test_manager.py
769 769

  
770 770
    # check overwriting
771 771
    resp = resp.click('Overwrite')
772
    resp.form['upload'] = Upload('test.png',
772
    # test with the same extension but uppercased
773
    resp.form['upload'] = Upload('test.PNG',
773 774
            base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
774 775
            'image/png')
775 776
    resp = resp.form.submit().follow()
......
780 781
    thumbnail_contents_new = open(thumbnail_path, mode='rb').read()
781 782
    assert thumbnail_contents_new != thumbnail_contents
782 783

  
784
    # try to overwrite with a different mimetype
785
    resp = resp.click('Overwrite')
786
    resp.form['upload'] = Upload('test.pdf',
787
            base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
788
            'application/pdf')
789
    with mock.patch('combo.apps.assets.views.default_storage.delete') as mock_delete:
790
        resp = resp.form.submit().follow()
791
    # original file was not deleted
792
    assert mock_delete.call_args_list == []
793
    messages = resp.context['messages']
794
    assert len(messages._loaded_messages) == 1
795
    assert messages._loaded_messages[0].message == 'You have to upload a file with the same extension (.png)'
796

  
783 797
    # test deletion
784 798
    resp = resp.click('Delete')
785 799
    assert 'Are you sure you want to delete' in resp.text
786
-