0001-assets-check-file-extension-on-overwrite-30897.patch
combo/apps/assets/views.py | ||
---|---|---|
174 | 174 |
raise PermissionDenied() |
175 | 175 | |
176 | 176 |
upload = self.request.FILES['upload'] |
177 | ||
178 |
# check that the new file and the original have the same extension |
|
179 |
ext_orig = os.path.splitext(img_orig)[1].lower() |
|
180 |
ext_upload = os.path.splitext(upload.name)[1].lower() |
|
181 |
if ext_orig != ext_upload: |
|
182 |
messages.error( |
|
183 |
self.request, |
|
184 |
_('You have to upload a file with the same extension (%(ext)s).') |
|
185 |
% {'ext': ext_orig}) |
|
186 |
return super(AssetOverwrite, self).form_valid(form) |
|
187 | ||
177 | 188 |
default_storage.delete(img_orig) |
178 | 189 |
if getattr(settings, 'CKEDITOR_IMAGE_BACKEND', None): |
179 | 190 |
thumb = ckeditor.utils.get_thumb_filename(img_orig) |
tests/test_manager.py | ||
---|---|---|
769 | 769 | |
770 | 770 |
# check overwriting |
771 | 771 |
resp = resp.click('Overwrite') |
772 |
resp.form['upload'] = Upload('test.png', |
|
773 |
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='), |
|
774 |
'image/png') |
|
772 |
# test with the same extension but uppercased |
|
773 |
resp.form['upload'] = Upload( |
|
774 |
'test.PNG', |
|
775 |
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='), |
|
776 |
'image/png') |
|
775 | 777 |
resp = resp.form.submit().follow() |
776 | 778 | |
777 | 779 |
resp.click('test.png') |
... | ... | |
780 | 782 |
thumbnail_contents_new = open(thumbnail_path, mode='rb').read() |
781 | 783 |
assert thumbnail_contents_new != thumbnail_contents |
782 | 784 | |
785 |
# try to overwrite with a different mimetype |
|
786 |
resp = resp.click('Overwrite') |
|
787 |
resp.form['upload'] = Upload( |
|
788 |
'test.pdf', |
|
789 |
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='), |
|
790 |
'application/pdf') |
|
791 |
with mock.patch('combo.apps.assets.views.default_storage.delete') as mock_delete: |
|
792 |
resp = resp.form.submit().follow() |
|
793 |
# original file was not deleted |
|
794 |
assert mock_delete.call_args_list == [] |
|
795 |
messages = resp.context['messages'] |
|
796 |
assert len(messages._loaded_messages) == 1 |
|
797 |
assert messages._loaded_messages[0].message == 'You have to upload a file with the same extension (.png).' |
|
798 | ||
783 | 799 |
# test deletion |
784 | 800 |
resp = resp.click('Delete') |
785 | 801 |
assert 'Are you sure you want to delete' in resp.text |
786 |
- |