assets: check file extension on overwrite (#30897)
This commit is contained in:
parent
ef58cc3235
commit
beefe2c348
|
@ -174,6 +174,17 @@ class AssetOverwrite(FormView):
|
|||
raise PermissionDenied()
|
||||
|
||||
upload = self.request.FILES['upload']
|
||||
|
||||
# check that the new file and the original have the same extension
|
||||
ext_orig = os.path.splitext(img_orig)[1].lower()
|
||||
ext_upload = os.path.splitext(upload.name)[1].lower()
|
||||
if ext_orig != ext_upload:
|
||||
messages.error(
|
||||
self.request,
|
||||
_('You have to upload a file with the same extension (%(ext)s).')
|
||||
% {'ext': ext_orig})
|
||||
return super(AssetOverwrite, self).form_valid(form)
|
||||
|
||||
default_storage.delete(img_orig)
|
||||
if getattr(settings, 'CKEDITOR_IMAGE_BACKEND', None):
|
||||
thumb = ckeditor.utils.get_thumb_filename(img_orig)
|
||||
|
|
|
@ -769,9 +769,11 @@ def test_asset_management(app, admin_user):
|
|||
|
||||
# check overwriting
|
||||
resp = resp.click('Overwrite')
|
||||
resp.form['upload'] = Upload('test.png',
|
||||
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
|
||||
'image/png')
|
||||
# test with the same extension but uppercased
|
||||
resp.form['upload'] = Upload(
|
||||
'test.PNG',
|
||||
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
|
||||
'image/png')
|
||||
resp = resp.form.submit().follow()
|
||||
|
||||
resp.click('test.png')
|
||||
|
@ -780,6 +782,20 @@ def test_asset_management(app, admin_user):
|
|||
thumbnail_contents_new = open(thumbnail_path, mode='rb').read()
|
||||
assert thumbnail_contents_new != thumbnail_contents
|
||||
|
||||
# try to overwrite with a different mimetype
|
||||
resp = resp.click('Overwrite')
|
||||
resp.form['upload'] = Upload(
|
||||
'test.pdf',
|
||||
base64.decodestring(b'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAAAAAA6fptVAAAACklEQVQI12NgAgAABAADRWoApgAA\nAABJRU5ErkJggg=='),
|
||||
'application/pdf')
|
||||
with mock.patch('combo.apps.assets.views.default_storage.delete') as mock_delete:
|
||||
resp = resp.form.submit().follow()
|
||||
# original file was not deleted
|
||||
assert mock_delete.call_args_list == []
|
||||
messages = resp.context['messages']
|
||||
assert len(messages._loaded_messages) == 1
|
||||
assert messages._loaded_messages[0].message == 'You have to upload a file with the same extension (.png).'
|
||||
|
||||
# test deletion
|
||||
resp = resp.click('Delete')
|
||||
assert 'Are you sure you want to delete' in resp.text
|
||||
|
|
Loading…
Reference in New Issue