summaryrefslogtreecommitdiff
path: root/django/http/multipartparser.py
Commit message (Collapse)AuthorAgeFilesLines
* Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann2023-02-141-13/+51
| | | | Thanks to Jakob Ackermann for the report.
* Updated documentation and comments for RFC updates.Nick Pope2022-11-101-1/+1
| | | | | | | | | | | | | | | - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
* Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing ↵Mehrdad2022-06-281-49/+2
| | | | | | | boundary streams. This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser.
* Removed unnecessary _parse_header() from MultiPartParser.Mariusz Felisiak2022-06-281-10/+3
| | | | Reraising ValueError was unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
* Refs #33697 -- Made MultiPartParser use ↵Mehrdad2022-06-031-6/+7
| | | | django.utils.http.parse_header_parameters() for parsing Content-Type header.
* Refs #33697 -- Fixed multipart parsing of headers with double quotes and ↵Mehrdad2022-06-011-1/+1
| | | | | | semicolons. See https://github.com/python/cpython/commit/1ef0c0349e8fdb5415e21231cb42edbf232b742a
* Refs #33173 -- Removed use of deprecated cgi module.Carlton Gibson2022-05-111-2/+4
| | | | https://peps.python.org/pep-0594/#cgi
* Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak2022-02-071-5/+8
|
* Refs #33476 -- Reformatted code with Black.django-bot2022-02-071-73/+107
|
* Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.Mariusz Felisiak2022-02-011-0/+2
| | | | Thanks Alan Ryan for the report and initial patch.
* Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.Hrushikesh Vaidya2022-01-201-0/+2
|
* Updated various links to HTTPS and new locations.Mariusz Felisiak2021-12-021-1/+1
| | | | Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
* Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner2021-05-041-4/+18
|
* Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.Mariusz Felisiak2021-04-061-5/+8
| | | | | Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report.
* Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.aryan2020-09-301-0/+7
| | | | | | This patch allows upload handlers to handle interrupted uploads. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
* Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.Michael Brown2020-06-111-0/+2
|
* Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.0072020-02-281-3/+3
|
* Refs #27753 -- Deprecated django.utils.text.unescape_entities().Jon Dufresne2019-05-081-2/+2
| | | | | | | The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4.
* Removed unnecessary assignments in various code.Jon Dufresne2019-04-241-2/+1
|
* Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵Tim Graham2019-03-021-1/+4
| | | | request.
* Fixed #30227 -- Fixed crash on request without boundary in Content-Type.Tim Graham2019-03-021-1/+1
|
* Optimized iterator exhaustion using collections.deque().Nick Pope2019-02-141-3/+2
|
* Refs #27753 -- Favored force/smart_str() over force/smart_text().Aymeric Augustin2019-02-061-5/+5
|
* Fixed #28930 -- Simplified code with any() and all().Дилян Палаузов2017-12-261-5/+2
|
* Removed unused eof argument to BoundaryIter._find_boundary().Mariusz Felisiak2017-09-221-2/+2
| | | Unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
* Fixed #28226 -- Replaced use of str.join() with concatenation.Tom2017-05-271-1/+1
|
* Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.Anton Samarchyan2017-02-201-13/+10
|
* Fixed #27308 -- Fixed BytesWarnings in the test suite.Tim Graham2017-02-171-1/+1
|
* Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis2017-01-261-1/+1
|
* Corrected http.multipartparser.exhaust() docstring.Tim Graham2017-01-251-5/+1
| | | | | MultiPartParserError was removed in ebf34c3cdcd2c75349c60a064427ac255958bf9b.
* Removed unused variables that are overwritten.Mads Jensen2017-01-251-4/+0
|
* Refs #23919 -- Replaced six.reraise by raiseClaude Paroz2017-01-221-5/+2
|
* Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette2017-01-191-2/+2
|
* Refs #23919 -- Removed most of remaining six usageClaude Paroz2017-01-181-5/+5
| | | | Thanks Tim Graham for the review.
* Refs #23919 -- Removed six.<various>_types usageClaude Paroz2017-01-181-1/+1
| | | | Thanks Tim Graham and Simon Charette for the reviews.
* Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz2017-01-181-7/+2
| | | | Thanks Tim Graham for the review.
* Refs #23919 -- Removed encoding preambles and future importsClaude Paroz2017-01-181-2/+0
|
* Refs #17235 -- Made MultiPartParser leave request.POST immutable.Vinay Karanam2016-12-071-0/+1
|
* Fixed E305 flake8 warnings.Ramin Farajpour Cami2016-11-141-0/+1
|
* Fixed comment typo in multiparser.pyJon Dufresne2016-06-051-1/+1
|
* Made style improvements to multipartparser.pyAsif Saifuddin Auvi2016-06-041-29/+28
|
* Fixed #21231 -- Enforced a max size for GET/POST values read into memory.Andre Cruz2016-05-121-3/+34
| | | | Thanks Tom Christie for review.
* Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser.Tim Graham2016-05-061-2/+2
| | | | | | | The docs say that these headers always appear without the HTTP_ prefix. This may have been an oversight when they were added in d725cc9734272f867d41f7236235c28b3931a1b2, the only commit that uses these names.
* Refs #22897 -- Removed unneeded empty string QueryDict argument.Tim Graham2016-05-031-2/+2
|
* Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an ↵John-Mark Bell2016-03-071-2/+3
| | | | empty string.
* Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream.Tim Graham2015-06-171-6/+9
| | | | | Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts' raised StopIteration" per PEP 0479.
* Sorted imports with isort; refs #23860.Tim Graham2015-02-061-2/+4
|
* Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headersRaul Cumplido2015-01-271-1/+2
| | | | Thanks Tom Christie for the report and review.
* Fixed #23397 -- Stripped whitespace from base64 during chunkingJason Hobbs2014-09-131-6/+11
| | | | | This insures the actual base64 content has a length a multiple of 4. Also added a test case for the failure.
* Fixed #22971 -- Properly parsed RFC 2388 encoded headersClaude Paroz2014-08-141-0/+13
| | | | | Thanks homm for the report, Cea Stapleton for patch improvements and Ian Cordasco, Christian Schmitt and Tim Graham for the review.
View Lorry Controller Status