Compatibility with https://docs.djangoproject.com/en/3.2/releases/2.2.21/ (CVE).
This commit is contained in:
parent
297c70e5f9
commit
8763de4c97
|
@ -115,6 +115,8 @@ class PushDocument(CommonAPIMixin, GenericAPIView):
|
||||||
raise serializers.ValidationError(serializer.errors)
|
raise serializers.ValidationError(serializer.errors)
|
||||||
|
|
||||||
data = serializer.validated_data
|
data = serializer.validated_data
|
||||||
|
if 'file_name' in data:
|
||||||
|
data['file_name'] = data['file_name'].replace('/', '-')
|
||||||
|
|
||||||
origin, created = Origin.objects.get_or_create(
|
origin, created = Origin.objects.get_or_create(
|
||||||
slug=slugify(data.get('origin')), defaults={'label': data.get('origin')}
|
slug=slugify(data.get('origin')), defaults={'label': data.get('origin')}
|
||||||
|
|
|
@ -174,7 +174,7 @@ def test_push_document_slashed_name(app, admin_user, john_doe):
|
||||||
assert response.json['result'] == 1
|
assert response.json['result'] == 1
|
||||||
assert models.Document.objects.count() == 1
|
assert models.Document.objects.count() == 1
|
||||||
doc = models.UserDocument.objects.first()
|
doc = models.UserDocument.objects.first()
|
||||||
assert doc.filename == 'monfichier 18/06/2017.pdf'
|
assert doc.filename == 'monfichier 18-06-2017.pdf'
|
||||||
assert doc.get_download_url() == '/%s/download/monfichier%%252018%%252F06%%252F2017.pdf' % doc.pk
|
assert doc.get_download_url() == '/%s/download/monfichier%%252018-06-2017.pdf' % doc.pk
|
||||||
login(app, user=john_doe)
|
login(app, user=john_doe)
|
||||||
app.get(doc.get_download_url(), status=200)
|
app.get(doc.get_download_url(), status=200)
|
||||||
|
|
Loading…
Reference in New Issue