0001-misc-add-settings-to-block-some-extensions-58982.patch
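--- a/fargo/fargo/forms.py
+++ b/fargo/fargo/forms.py
@@ -14,6 +14,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
+import os
+
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from django.conf import settings
@@ -34,6 +36,10 @@
 _('Uploaded file is too big (limit is %s)')
 % filesizeformat(settings.FARGO_MAX_DOCUMENT_SIZE)
 )
+if settings.FARGO_FORBIDDEN_EXTENSIONS:
+ext = os.path.splitext(content.name)[-1]
+if ext in settings.FARGO_FORBIDDEN_EXTENSIONS:
+raise forms.ValidationError(_('Uploaded file is not allowed.'))
 return content
 
 def clean(self):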
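Review bot: The comparison in the added `if ext in settings.FARGO_FORBIDDEN_EXTENSIONS:` is case-sensitive, so with `['.txt']` configured an upload named `monfichier.TXT` would still pass validation. Normalising both sides closes that gap: `ext = os.path.splitext(content.name)[-1].lower()`, compared against a lower-cased copy of the setting. The check also relies on the client-supplied file name and inspects only the last suffix, so it acts as a policy filter rather than a guarantee about file content; an allow-list of accepted extensions would be the stricter design where the deployment permits it. The new test in tests/test_public.py exercises only an exact lower-case match. The enclosing clean method starts outside the hunk.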
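--- a/fargo/settings.py
+++ b/fargo/settings.py
@@ -171,6 +171,8 @@
 
 # Fargo settings
 
+FARGO_FORBIDDEN_EXTENSIONS = None
+
 FARGO_MAX_DOCUMENT_SIZE = 4 * 1024 * 1024 # 4 Mo
 
 FARGO_MAX_DOCUMENT_BOX_SIZE = 20 * 1024 * 1024 # 20 Mo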
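Review bot: `FARGO_FORBIDDEN_EXTENSIONS = None` is added without a comment describing the expected value, while the form code compares it against the result of `os.path.splitext`, which includes the leading dot. A one-line comment would prevent a misconfiguration such as `['txt']`, which would block nothing without any error: `# list of extensions refused on upload, with leading dot (e.g. ['.exe']); None disables the check`.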
tests/test_public.py | ||
---|---|---|
150 | 150 | |
151 | 151 |
response = app.get('/upload/') |
152 | 152 |
assert response.location == '/' |
153 | ||
154 | ||
155 |
def test_forbidden_extension(app, private_settings, john_doe): |
|
156 |
private_settings.FARGO_FORBIDDEN_EXTENSIONS = ['.txt'] |
|
157 |
login(app, user=john_doe) |
|
158 |
resp = app.get('/') |
|
159 |
resp.form['content'] = Upload('monfichier.pdf', b'coin', 'application/pdf') |
|
160 |
resp = resp.form.submit().follow() |
|
161 |
assert UserDocument.objects.count() == 1 |
|
162 | ||
163 |
resp = app.get('/') |
|
164 |
resp.form['content'] = Upload('monfichier.txt', b'coin', 'text/plain') |
|
165 |
resp = resp.form.submit() |
|
166 |
assert 'Uploaded file is not allowed.' in resp.text |
|
167 |
assert UserDocument.objects.count() == 1 |
|
153 |
- |