0001-misc-remove-invalid-characters-from-content-disposit.patch
tests/form_pages/test_formdata.py | ||
---|---|---|
182 | 182 |
assert resp.request.environ['PATH_INFO'].endswith(attachment_variable.filename) |
183 | 183 | |
184 | 184 | |
185 |
def test_formdata_attachment_download_with_invalid_character(pub): |
|
186 |
create_user(pub) |
|
187 |
wf = Workflow(name='status') |
|
188 |
st1 = wf.add_status('Status1', 'st1') |
|
189 |
attach = AddAttachmentWorkflowStatusItem() |
|
190 |
attach.id = '_attach' |
|
191 |
attach.by = ['_submitter'] |
|
192 |
st1.items.append(attach) |
|
193 |
attach.parent = st1 |
|
194 |
wf.store() |
|
195 | ||
196 |
FormDef.wipe() |
|
197 |
formdef = FormDef() |
|
198 |
formdef.name = 'test' |
|
199 |
formdef.workflow_id = wf.id |
|
200 |
formdef.fields = [] |
|
201 |
formdef.store() |
|
202 |
formdef.data_class().wipe() |
|
203 | ||
204 |
resp = login(get_app(pub), username='foo', password='foo').get('/test/') |
|
205 |
resp = resp.forms[0].submit('submit') |
|
206 |
resp = resp.forms[0].submit('submit').follow() |
|
207 | ||
208 |
resp.forms[0]['attachment_attach$file'] = Upload('test\n".txt', b'foobar', 'text/plain') |
|
209 |
resp = resp.forms[0].submit('button_attach') |
|
210 | ||
211 |
resp = resp.follow() # back to form page |
|
212 |
resp = resp.click('test\n".txt') |
|
213 |
resp = resp.follow() |
|
214 |
assert resp.content_type == 'text/plain' |
|
215 |
assert resp.text == 'foobar' |
|
216 | ||
217 | ||
185 | 218 |
def test_formdata_attachment_download_to_backoffice_file_field(pub): |
186 | 219 |
create_user(pub) |
187 | 220 |
wf = Workflow(name='status') |
wcs/forms/common.py | ||
---|---|---|
96 | 96 |
if file.charset: |
97 | 97 |
response.set_charset(file.charset) |
98 | 98 |
if file.base_filename: |
99 |
# remove invalid characters from filename |
|
100 |
filename = file.base_filename.translate(str.maketrans({x: '_' for x in '"\n\r'})) |
|
99 | 101 |
content_disposition = 'attachment' |
100 | 102 |
if file.content_type.startswith('image/') and not file.content_type.startswith('image/svg'): |
101 | 103 |
content_disposition = 'inline' |
102 | 104 |
elif file.content_type == 'application/pdf': |
103 | 105 |
content_disposition = 'inline' |
104 |
response.set_header( |
|
105 |
'content-disposition', '%s; filename="%s"' % (content_disposition, file.base_filename) |
|
106 |
) |
|
106 |
response.set_header('content-disposition', '%s; filename="%s"' % (content_disposition, filename)) |
|
107 | 107 | |
108 | 108 |
return file.get_file_pointer().read() |
109 | 109 | |
110 |
- |