diff options
| author | Malcolm Tredinnick <malcolm.tredinnick@gmail.com> | 2008-07-26 22:48:51 +0000 |
|---|---|---|
| committer | Malcolm Tredinnick <malcolm.tredinnick@gmail.com> | 2008-07-26 22:48:51 +0000 |
| commit | 103d484807050c00d02641aa04670cea8d0e68a4 (patch) | |
| tree | d108c735cee6847ac3b06fce3c6688cd37a011c2 /tests | |
| parent | e29aece743df644cdaa7d8506c6491ac9c1db061 (diff) | |
Fixed #7658 -- Added some Windows-specific tempfile handling. The standard
stuff doesn't work with the way Django's file uploading code wants to operate.
Patch from Mike Axiak.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@8096 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/regressiontests/file_uploads/tests.py | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/tests/regressiontests/file_uploads/tests.py b/tests/regressiontests/file_uploads/tests.py index 601fc92688..aada1e1ff2 100644 --- a/tests/regressiontests/file_uploads/tests.py +++ b/tests/regressiontests/file_uploads/tests.py @@ -2,9 +2,9 @@ import os import errno import sha import shutil -import tempfile import unittest +from django.core.files import temp as tempfile from django.core.files.uploadedfile import SimpleUploadedFile from django.test import TestCase, client from django.utils import simplejson @@ -22,7 +22,7 @@ class FileUploadTests(TestCase): def test_large_upload(self): tdir = tempfile.gettempdir() - + file1 = tempfile.NamedTemporaryFile(suffix=".file1", dir=tdir) file1.write('a' * (2 ** 21)) file1.seek(0) @@ -58,11 +58,11 @@ class FileUploadTests(TestCase): pass self.assertEqual(response.status_code, 200) - + def test_dangerous_file_names(self): """Uploaded file names should be sanitized before ever reaching the view.""" # This test simulates possible directory traversal attacks by a - # malicious uploader We have to do some monkeybusiness here to construct + # malicious uploader We have to do some monkeybusiness here to construct # a malicious payload with an invalid file name (containing os.sep or # os.pardir). This similar to what an attacker would need to do when # trying such an attack. @@ -79,7 +79,7 @@ class FileUploadTests(TestCase): "..\\..\\hax0rd.txt", # Relative path, win-style. "../..\\hax0rd.txt" # Relative path, mixed. ] - + payload = [] for i, name in enumerate(scary_file_names): payload.extend([ @@ -93,7 +93,7 @@ class FileUploadTests(TestCase): '--' + client.BOUNDARY + '--', '', ]) - + payload = "\r\n".join(payload) r = { 'CONTENT_LENGTH': len(payload), @@ -109,7 +109,7 @@ class FileUploadTests(TestCase): for i, name in enumerate(scary_file_names): got = recieved["file%s" % i] self.assertEqual(got, "hax0rd.txt") - + def test_filename_overflow(self): """File names over 256 characters (dangerous on some platforms) get fixed up.""" name = "%s.txt" % ("f"*500) @@ -131,26 +131,26 @@ class FileUploadTests(TestCase): } got = simplejson.loads(self.client.request(**r).content) self.assert_(len(got['file']) < 256, "Got a long file name (%s characters)." % len(got['file'])) - + def test_custom_upload_handler(self): - # A small file (under the 5M quota) + # A small file (under the 5M quota) smallfile = tempfile.NamedTemporaryFile() smallfile.write('a' * (2 ** 21)) # A big file (over the quota) bigfile = tempfile.NamedTemporaryFile() bigfile.write('a' * (10 * 2 ** 20)) - + # Small file posting should work. response = self.client.post('/file_uploads/quota/', {'f': open(smallfile.name)}) got = simplejson.loads(response.content) self.assert_('f' in got) - + # Large files don't go through. response = self.client.post("/file_uploads/quota/", {'f': open(bigfile.name)}) got = simplejson.loads(response.content) self.assert_('f' not in got) - + def test_broken_custom_upload_handler(self): f = tempfile.NamedTemporaryFile() f.write('a' * (2 ** 21)) @@ -189,7 +189,7 @@ class FileUploadTests(TestCase): class DirectoryCreationTests(unittest.TestCase): """ - Tests for error handling during directory creation + Tests for error handling during directory creation via _save_FIELD_file (ticket #6450) """ def setUp(self): @@ -221,7 +221,7 @@ class DirectoryCreationTests(unittest.TestCase): except IOError, err: # The test needs to be done on a specific string as IOError # is raised even without the patch (just not early enough) - self.assertEquals(err.args[0], + self.assertEquals(err.args[0], "%s exists and is not a directory" % UPLOAD_TO) except: self.fail("IOError not raised") |
