0001-assets-check-file-extension-on-overwrite-30897.patch
| combo/apps/assets/views.py | ||
|---|---|---|
| 174 | 174 |
raise PermissionDenied() |
| 175 | 175 | |
| 176 | 176 |
upload = self.request.FILES['upload'] |
| 177 | ||
| 178 |
# check that the new file and the original have the same extension |
|
| 179 |
ext_orig = os.path.splitext(img_orig)[1].lower() |
|
| 180 |
ext_upload = os.path.splitext(upload.name)[1].lower() |
|
| 181 |
if ext_orig != ext_upload: |
|
| 182 |
messages.error( |
|
| 183 |
self.request, |
|
| 184 |
_('You have to upload a file with the same extension (%(ext)s).')
|
|
| 185 |
% {'ext': ext_orig})
|
|
| 186 |
return super(AssetOverwrite, self).form_valid(form) |
|
| 187 | ||
| 177 | 188 |
default_storage.delete(img_orig) |
| 178 | 189 |
if getattr(settings, 'CKEDITOR_IMAGE_BACKEND', None): |
| 179 | 190 |
thumb = ckeditor.utils.get_thumb_filename(img_orig) |
| tests/test_manager.py | ||
|---|---|---|
| 769 | 769 | |
| 770 | 770 |
# check overwriting |
| 771 | 771 |
resp = resp.click('Overwrite')
|
| 772 |
resp.form['upload'] = Upload('test.png',
|
|
| 773 |
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='), |
|
| 774 |
'image/png') |
|
| 772 |
# test with the same extension but uppercased |
|
| 773 |
resp.form['upload'] = Upload( |
|
| 774 |
'test.PNG', |
|
| 775 |
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='), |
|
| 776 |
'image/png') |
|
| 775 | 777 |
resp = resp.form.submit().follow() |
| 776 | 778 | |
| 777 | 779 |
resp.click('test.png')
|
| ... | ... | |
| 780 | 782 |
thumbnail_contents_new = open(thumbnail_path, mode='rb').read() |
| 781 | 783 |
assert thumbnail_contents_new != thumbnail_contents |
| 782 | 784 | |
| 785 |
# try to overwrite with a different mimetype |
|
| 786 |
resp = resp.click('Overwrite')
|
|
| 787 |
resp.form['upload'] = Upload( |
|
| 788 |
'test.pdf', |
|
| 789 |
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='), |
|
| 790 |
'application/pdf') |
|
| 791 |
with mock.patch('combo.apps.assets.views.default_storage.delete') as mock_delete:
|
|
| 792 |
resp = resp.form.submit().follow() |
|
| 793 |
# original file was not deleted |
|
| 794 |
assert mock_delete.call_args_list == [] |
|
| 795 |
messages = resp.context['messages'] |
|
| 796 |
assert len(messages._loaded_messages) == 1 |
|
| 797 |
assert messages._loaded_messages[0].message == 'You have to upload a file with the same extension (.png).' |
|
| 798 | ||
| 783 | 799 |
# test deletion |
| 784 | 800 |
resp = resp.click('Delete')
|
| 785 | 801 |
assert 'Are you sure you want to delete' in resp.text |
| 786 |
- |
|