From 3c0e04afe752e0a0912fe0aacc2393898ac08a77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Fri, 15 Mar 2024 20:27:14 +0100
Subject: [PATCH] api: ignore invalid base64 data when receiving file fields (#88248)
---
 tests/test_fields.py | 11 +++++++++++
 wcs/fields/file.py | 5 ++++-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/tests/test_fields.py b/tests/test_fields.py
index 2e450cbd1..bbe473655 100644
--- a/tests/test_fields.py
+++ b/tests/test_fields.py
@@ -915,6 +915,17 @@ def test_file_convert_from_anything():
 assert value.get_file_pointer().read() == b'hello'
+def test_file_from_json_value(pub):
+ value = fields.FileField().from_json_value({'content': 'aGVsbG8=', 'filename': 'test.txt'})
+ assert value.base_filename == 'test.txt'
+ assert value.get_file_pointer().read() == b'hello'
+
+ value = fields.FileField().from_json_value(
+ {'content': 'aGVsbG8', 'filename': 'test.txt'} # invalid padding
+ )
+ assert value is None
+
+
 def test_new_field_type_options(pub):
 pub.load_site_options()
 if not pub.site_options.has_section('options'):
diff --git a/wcs/fields/file.py b/wcs/fields/file.py
index e23733be7..5325414fd 100644
--- a/wcs/fields/file.py
+++ b/wcs/fields/file.py
@@ -237,7 +237,10 @@ class FileField(WidgetField):
 def from_json_value(self, value):
 if value and 'filename' in value and 'content' in value:
- content = base64.b64decode(value['content'])
+ try:
+ content = base64.b64decode(value['content'])
+ except ValueError:
+ return None
 content_type = value.get('content_type', 'application/octet-stream')
 if content_type.startswith('text/'):
 charset = 'utf-8'
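Review bot: The new test_file_from_json_value in tests/test_fields.py pins only the bad-padding case, so it does not record what happens to the other malformed payloads an API client can send. With the default non-strict decoding, characters outside the base64 alphabet are discarded before the padding check, so a content string such as `'aGV$sbG8='` (constructed example) should still decode to b'hello' rather than return None. One assertion for that case and one for a non-string `content` such as `None` would make the intended behaviour explicit and guard against a later change in decoding mode.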
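Review bot: The `except ValueError` added in wcs/fields/file.py does not cover a `content` that is not a string: JSON `null`, a number or a list makes `base64.b64decode` raise TypeError, which leaves from_json_value as an exception instead of returning None. Because this value arrives in an API request body, `except (TypeError, ValueError):` would treat every undecodable payload the same way. If non-alphabet characters should be rejected too, `base64.b64decode(value['content'], validate=True)` does that, but it also refuses line-wrapped base64, so check what existing clients send before switching. The body of from_json_value continues past the end of the hunk, so the later handling of `content_type` is only partly visible here.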