django.git/django/http/multipartparser.py, branch 4.2.29

django.git/django/http/multipartparser.py, branch 4.2.29 django http://cgit.adnoto.dev/django.git/atom?h=4.2.29 2023-02-14T07:21:18Z [4.2.x] Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files. 2023-02-14T07:21:18Z Markus Holtermann info@markusholtermann.eu 2022-12-13T09:27:39Z urn:sha1:7ac5ff37b822c14e5b6be99da7f618eb1fe06062 Thanks to Jakob Ackermann for the report. Updated documentation and comments for RFC updates. 2022-11-10T12:52:17Z Nick Pope nick@nickpope.me.uk 2022-11-04T12:33:09Z urn:sha1:9bd174b9a75299dce33e673a559f2b673399b971 - Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing boundary streams. 2022-06-28T07:42:47Z Mehrdad mhrddmoradii@gmail.com 2022-06-24T18:46:34Z urn:sha1:d4d5427571b4bf3a21c902276c2a00215c2a37cc This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser. Removed unnecessary _parse_header() from MultiPartParser. 2022-06-28T07:27:03Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-06-28T07:27:03Z urn:sha1:bff5c114be2b7a3fbc735c232abcc6ad4db89a9d Reraising ValueError was unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2. Refs #33697 -- Made MultiPartParser use django.utils.http.parse_header_parameters() for parsing Content-Type header. 2022-06-03T19:37:29Z Mehrdad mhrddmoradii@gmail.com 2022-06-03T05:30:24Z urn:sha1:49b470b9187b6be60e573fed08c8f4a87f133750 Refs #33697 -- Fixed multipart parsing of headers with double quotes and semicolons. 2022-06-01T08:11:07Z Mehrdad mhrddmoradii@gmail.com 2022-05-27T17:18:06Z urn:sha1:93cedc82f29076c824d476354527af1150888e4f See https://github.com/python/cpython/commit/1ef0c0349e8fdb5415e21231cb42edbf232b742a Refs #33173 -- Removed use of deprecated cgi module. 2022-05-11T12:06:31Z Carlton Gibson carlton.gibson@noumenal.es 2022-05-10T10:12:17Z urn:sha1:34e2148fc725e7200050f74130d7523e3cd8507a https://peps.python.org/pep-0594/#cgi Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07T19:37:05Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-04T07:08:27Z urn:sha1:7119f40c9881666b6f9b5cf7df09ee1d21cc8344 Refs #33476 -- Reformatted code with Black. 2022-02-07T19:37:05Z django-bot ops@djangoproject.com 2022-02-03T19:24:19Z urn:sha1:9c19aff7c7561e3a82978a272ecdaad40dda5c00 Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads. 2022-02-01T06:41:40Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-01-21T06:50:03Z urn:sha1:fc18f36c4ab94399366ca2f2007b3692559a6f23 Thanks Alan Ryan for the report and initial patch.