summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLauréline Guérin <zebuline@entrouvert.com>2019-10-15 08:44:26 (GMT)
committerLauréline Guérin <zebuline@entrouvert.com>2019-10-17 19:24:05 (GMT)
commitbeefe2c348b35295f7bbb7e63e4d9c21e910cbd5 (patch)
tree412910d59a78dfd96a9c2c446bfef6ee8e6535b4
parentef58cc3235604b7708eb11c991bb40161aee81b2 (diff)
downloadcombo-wip/30897-asset-replace.zip
combo-wip/30897-asset-replace.tar.gz
combo-wip/30897-asset-replace.tar.bz2
assets: check file extension on overwrite (#30897)wip/30897-asset-replace
-rw-r--r--combo/apps/assets/views.py11
-rw-r--r--tests/test_manager.py22
2 files changed, 30 insertions, 3 deletions
diff --git a/combo/apps/assets/views.py b/combo/apps/assets/views.py
index e6e5cf3..b261672 100644
--- a/combo/apps/assets/views.py
+++ b/combo/apps/assets/views.py
@@ -174,6 +174,17 @@ class AssetOverwrite(FormView):
raise PermissionDenied()
upload = self.request.FILES['upload']
+
+ # check that the new file and the original have the same extension
+ ext_orig = os.path.splitext(img_orig)[1].lower()
+ ext_upload = os.path.splitext(upload.name)[1].lower()
+ if ext_orig != ext_upload:
+ messages.error(
+ self.request,
+ _('You have to upload a file with the same extension (%(ext)s).')
+ % {'ext': ext_orig})
+ return super(AssetOverwrite, self).form_valid(form)
+
default_storage.delete(img_orig)
if getattr(settings, 'CKEDITOR_IMAGE_BACKEND', None):
thumb = ckeditor.utils.get_thumb_filename(img_orig)
diff --git a/tests/test_manager.py b/tests/test_manager.py
index f60f386..d5c67aa 100644
--- a/tests/test_manager.py
+++ b/tests/test_manager.py
@@ -769,9 +769,11 @@ def test_asset_management(app, admin_user):
# check overwriting
resp = resp.click('Overwrite')
- resp.form['upload'] = Upload('test.png',
- base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
- 'image/png')
+ # test with the same extension but uppercased
+ resp.form['upload'] = Upload(
+ 'test.PNG',
+ base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
+ 'image/png')
resp = resp.form.submit().follow()
resp.click('test.png')
@@ -780,6 +782,20 @@ def test_asset_management(app, admin_user):
thumbnail_contents_new = open(thumbnail_path, mode='rb').read()
assert thumbnail_contents_new != thumbnail_contents
+ # try to overwrite with a different mimetype
+ resp = resp.click('Overwrite')
+ resp.form['upload'] = Upload(
+ 'test.pdf',
+ base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
+ 'application/pdf')
+ with mock.patch('combo.apps.assets.views.default_storage.delete') as mock_delete:
+ resp = resp.form.submit().follow()
+ # original file was not deleted
+ assert mock_delete.call_args_list == []
+ messages = resp.context['messages']
+ assert len(messages._loaded_messages) == 1
+ assert messages._loaded_messages[0].message == 'You have to upload a file with the same extension (.png).'
+
# test deletion
resp = resp.click('Delete')
assert 'Are you sure you want to delete' in resp.text