0001-misc-add-settings-to-block-some-extensions-58982.patch

Frédéric Péters, 29 novembre 2021 13:38


Subject: [PATCH] misc: add settings to block some extensions (#58982)

 fargo/fargo/forms.py |  6 ++++++
 fargo/settings.py    |  2 ++
 tests/test_public.py | 15 +++++++++++++++
 3 files changed, 23 insertions(+)
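--- a/fargo/fargo/forms.py
+++ b/fargo/fargo/forms.py
@@ -14,6 +14,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import os
+
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
@@ -34,6 +36,10 @@
                     _('Uploaded file is too big (limit is %s)')
                     % filesizeformat(settings.FARGO_MAX_DOCUMENT_SIZE)
                 )
+            if settings.FARGO_FORBIDDEN_EXTENSIONS:
+                ext = os.path.splitext(content.name)[-1]
+                if ext in settings.FARGO_FORBIDDEN_EXTENSIONS:
+                    raise forms.ValidationError(_('Uploaded file is not allowed.'))
         return content
 
     def clean(self):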
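Review bot: The extension check added just before `return content` compares the raw suffix case-sensitively, so with `['.txt']` configured an upload named `monfichier.TXT` still passes validation. Lower-casing the suffix closes that gap: `ext = os.path.splitext(content.name)[-1].lower()`, with the configured entries lower-cased the same way. The test added in tests/test_public.py only submits a lower-case `.txt`, so a mixed-case upload there would pin the behaviour. Only the final suffix of the client-supplied name is inspected, which makes this a convenience filter rather than a check on what the file actually contains. The enclosing method starts above this hunk.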
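--- a/fargo/settings.py
+++ b/fargo/settings.py
@@ -171,6 +171,8 @@
 
 # Fargo settings
 
+FARGO_FORBIDDEN_EXTENSIONS = None
+
 FARGO_MAX_DOCUMENT_SIZE = 4 * 1024 * 1024  # 4 Mo
 
 FARGO_MAX_DOCUMENT_BOX_SIZE = 20 * 1024 * 1024  # 20 Mo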
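Review bot: `FARGO_FORBIDDEN_EXTENSIONS` has no comment saying what form its entries take, while the check in forms.py matches them against the output of `os.path.splitext`, which includes the leading dot. An entry written as `'exe'` would silently never match, and a plain string value would turn `ext in ...` into a substring test that also rejects files with no extension. A comment above the setting would prevent both, for example `# list of extensions to reject on upload, with leading dot, e.g. ['.exe']; None disables the check`.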
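--- a/tests/test_public.py
+++ b/tests/test_public.py
@@ -150,3 +150,18 @@
 
     response = app.get('/upload/')
     assert response.location == '/'
+
+
+def test_forbidden_extension(app, private_settings, john_doe):
+    private_settings.FARGO_FORBIDDEN_EXTENSIONS = ['.txt']
+    login(app, user=john_doe)
+    resp = app.get('/')
+    resp.form['content'] = Upload('monfichier.pdf', b'coin', 'application/pdf')
+    resp = resp.form.submit().follow()
+    assert UserDocument.objects.count() == 1
+
+    resp = app.get('/')
+    resp.form['content'] = Upload('monfichier.txt', b'coin', 'text/plain')
+    resp = resp.form.submit()
+    assert 'Uploaded file is not allowed.' in resp.text
+    assert UserDocument.objects.count() == 1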
153
-