0001-form-fix-uploaded-file-mime-types-with-server-side-d.patch
| tests/test_form_pages.py | ||
|---|---|---|
| 1248 | 1248 |
assert resp.content_type == 'text/plain' |
| 1249 | 1249 |
assert resp.body == 'foobar' |
| 1250 | 1250 | |
| 1251 |
def test_form_file_field_submit_wrong_mimetype(pub): |
|
| 1252 |
formdef = create_formdef() |
|
| 1253 |
formdef.fields = [fields.FileField(id='0', label='file')] |
|
| 1254 |
formdef.store() |
|
| 1255 |
formdef.data_class().wipe() |
|
| 1256 | ||
| 1257 |
upload = Upload('test.txt', 'foobar', 'application/force-download')
|
|
| 1258 | ||
| 1259 |
resp = get_app(pub).get('/test/')
|
|
| 1260 |
resp.forms[0]['f0$file'] = upload |
|
| 1261 |
resp = resp.forms[0].submit('submit')
|
|
| 1262 |
assert 'Check values then click submit.' in resp.body |
|
| 1263 |
resp = resp.forms[0].submit('submit')
|
|
| 1264 |
assert resp.status_int == 302 |
|
| 1265 |
resp = resp.follow() |
|
| 1266 |
assert 'The form has been recorded' in resp.body |
|
| 1267 |
resp = resp.click('test.txt')
|
|
| 1268 |
assert resp.location.endswith('/test.txt')
|
|
| 1269 |
resp = resp.follow() |
|
| 1270 |
assert resp.content_type == 'text/plain' |
|
| 1271 |
assert resp.body == 'foobar' |
|
| 1272 | ||
| 1273 |
upload = Upload('test.pdf', '%PDF-1.4 ...', 'application/force-download')
|
|
| 1274 | ||
| 1275 |
resp = get_app(pub).get('/test/')
|
|
| 1276 |
resp.forms[0]['f0$file'] = upload |
|
| 1277 |
resp = resp.forms[0].submit('submit')
|
|
| 1278 |
assert 'Check values then click submit.' in resp.body |
|
| 1279 |
resp = resp.forms[0].submit('submit')
|
|
| 1280 |
assert resp.status_int == 302 |
|
| 1281 |
resp = resp.follow() |
|
| 1282 |
assert 'The form has been recorded' in resp.body |
|
| 1283 |
resp = resp.click('test.pdf')
|
|
| 1284 |
assert resp.location.endswith('/test.pdf')
|
|
| 1285 |
resp = resp.follow() |
|
| 1286 |
assert resp.content_type == 'application/pdf' |
|
| 1287 |
assert resp.body == '%PDF-1.4 ...' |
|
| 1288 | ||
| 1251 | 1289 |
def test_formdata_attachment_download(pub): |
| 1252 | 1290 |
create_user(pub) |
| 1253 | 1291 |
wf = Workflow(name='status') |
| wcs/qommon/form.py | ||
|---|---|---|
| 630 | 630 |
# there's no file, the other checks are irrelevant. |
| 631 | 631 |
return |
| 632 | 632 | |
| 633 |
# Don't trust the browser supplied MIME type, update the Upload object |
|
| 634 |
# with a MIME type created with magic (or based on the extension if the |
|
| 635 |
# module is missing). |
|
| 636 |
# |
|
| 637 |
# This also helps people uploading PDF files that were downloaded from |
|
| 638 |
# sites setting a wrong MIME type (like application/force-download) for |
|
| 639 |
# various reasons. |
|
| 640 |
if magic: |
|
| 641 |
magic_object = magic.open(magic.MIME) |
|
| 642 |
magic_object.load() |
|
| 643 |
filetype = magic_object.file(self.value.fp.name).split(';')[0]
|
|
| 644 |
magic_object.close() |
|
| 645 |
else: |
|
| 646 |
filetype, encoding = mimetypes.guess_type(self.value.base_filename) |
|
| 647 | ||
| 648 |
if not filetype: |
|
| 649 |
filetype = 'application/octet-stream' |
|
| 650 | ||
| 651 |
self.value.content_type = filetype |
|
| 652 | ||
| 633 | 653 |
if self.max_file_size: |
| 634 | 654 |
# validate file size |
| 635 | 655 |
file_size = os.path.getsize(self.value.fp.name) |
| ... | ... | |
| 642 | 662 |
for file_type in self.file_type: |
| 643 | 663 |
accepted_file_types.extend(file_type.split(','))
|
| 644 | 664 | |
| 645 |
if magic: |
|
| 646 |
magic_object = magic.open(magic.MIME) |
|
| 647 |
magic_object.load() |
|
| 648 |
filetype = magic_object.file(self.value.fp.name).split(';')[0]
|
|
| 649 |
magic_object.close() |
|
| 650 |
else: |
|
| 651 |
filetype, encoding = mimetypes.guess_type(self.value.base_filename) |
|
| 652 |
if not filetype: |
|
| 653 |
filetype = 'application/octet-stream' |
|
| 654 | ||
| 655 | 665 |
valid_file_type = False |
| 656 | 666 |
for accepted_file_type in accepted_file_types: |
| 657 | 667 |
# fnmatch is used to handle generic mimetypes, like |
| 658 | 668 |
# image/* |
| 659 |
if fnmatch.fnmatch(filetype, accepted_file_type):
|
|
| 669 |
if fnmatch.fnmatch(self.value.content_type, accepted_file_type):
|
|
| 660 | 670 |
valid_file_type = True |
| 661 | 671 |
break |
| 662 | 672 |
if not valid_file_type: |
| 663 |
- |
|