Compatibility with https://docs.djangoproject.com/en/3.2/releases/2.2.21/ (CVE).
This commit is contained in:
parent
297c70e5f9
commit
8763de4c97
|
@ -115,6 +115,8 @@ class PushDocument(CommonAPIMixin, GenericAPIView):
|
|||
raise serializers.ValidationError(serializer.errors)
|
||||
|
||||
data = serializer.validated_data
|
||||
if 'file_name' in data:
|
||||
data['file_name'] = data['file_name'].replace('/', '-')
|
||||
|
||||
origin, created = Origin.objects.get_or_create(
|
||||
slug=slugify(data.get('origin')), defaults={'label': data.get('origin')}
|
||||
|
|
|
@ -174,7 +174,7 @@ def test_push_document_slashed_name(app, admin_user, john_doe):
|
|||
assert response.json['result'] == 1
|
||||
assert models.Document.objects.count() == 1
|
||||
doc = models.UserDocument.objects.first()
|
||||
assert doc.filename == 'monfichier 18/06/2017.pdf'
|
||||
assert doc.get_download_url() == '/%s/download/monfichier%%252018%%252F06%%252F2017.pdf' % doc.pk
|
||||
assert doc.filename == 'monfichier 18-06-2017.pdf'
|
||||
assert doc.get_download_url() == '/%s/download/monfichier%%252018-06-2017.pdf' % doc.pk
|
||||
login(app, user=john_doe)
|
||||
app.get(doc.get_download_url(), status=200)
|
||||
|
|
Loading…
Reference in New Issue