summaryrefslogtreecommitdiff
path: root/django/http/multipartparser.py
AgeCommit message (Collapse)Author
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2023-11-24Fixed #34968 -- Made multipart parsing of headers raise an error on too long ↵Standa Opichal
headers. This also allow customizing the maximum size of headers via MAX_TOTAL_HEADER_SIZE.
2023-02-14Fixed CVE-2023-24580 -- Prevented DoS with too many uploaded files.Markus Holtermann
Thanks to Jakob Ackermann for the report.
2022-11-10Updated documentation and comments for RFC updates.Nick Pope
- Updated references to RFC 1123 to RFC 5322 - Only partial as RFC 5322 sort of sub-references RFC 1123. - Updated references to RFC 2388 to RFC 7578 - Except RFC 2388 Section 5.3 which has no equivalent. - Updated references to RFC 2396 to RFC 3986 - Updated references to RFC 2616 to RFC 9110 - Updated references to RFC 3066 to RFC 5646 - Updated references to RFC 7230 to RFC 9112 - Updated references to RFC 7231 to RFC 9110 - Updated references to RFC 7232 to RFC 9110 - Updated references to RFC 7234 to RFC 9111 - Tidied up style of text when referring to RFC documents
2022-06-28Refs #33697 -- Used django.utils.http.parse_header_parameters() for parsing ↵Mehrdad
boundary streams. This also removes unused parse_header() and _parse_header_params() helpers in django.http.multipartparser.
2022-06-28Removed unnecessary _parse_header() from MultiPartParser.Mariusz Felisiak
Reraising ValueError was unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
2022-06-03Refs #33697 -- Made MultiPartParser use ↵Mehrdad
django.utils.http.parse_header_parameters() for parsing Content-Type header.
2022-06-01Refs #33697 -- Fixed multipart parsing of headers with double quotes and ↵Mehrdad
semicolons. See https://github.com/python/cpython/commit/1ef0c0349e8fdb5415e21231cb42edbf232b742a
2022-05-11Refs #33173 -- Removed use of deprecated cgi module.Carlton Gibson
https://peps.python.org/pep-0594/#cgi
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-02-01Fixed CVE-2022-23833 -- Fixed DoS possiblity in file uploads.Mariusz Felisiak
Thanks Alan Ryan for the report and initial patch.
2022-01-20Fixed #33062 -- Made MultiPartParser remove non-printable chars from file names.Hrushikesh Vaidya
2021-12-02Updated various links to HTTPS and new locations.Mariusz Felisiak
Co-Authored-By: Nick Pope <nick@nickpope.me.uk>
2021-05-04Fixed CVE-2021-31542 -- Tightened path & file name sanitation in file uploads.Florian Apolloner
2021-04-06Fixed CVE-2021-28658 -- Fixed potential directory-traversal via uploaded files.Mariusz Felisiak
Thanks Claude Paroz for the initial patch. Thanks Dennis Brinkrolf for the report.
2020-09-30Fixed #30422 -- Made TemporaryFileUploadHandler handle interrupted uploads.aryan
This patch allows upload handlers to handle interrupted uploads. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-06-11Fixed #28132 -- Made MultiPartParser ignore filenames with trailing slash.Michael Brown
2020-02-28Fixed #31293 -- Allowed MultiPartParser to handle double-quoted encoded headers.007
2019-05-08Refs #27753 -- Deprecated django.utils.text.unescape_entities().Jon Dufresne
The function was undocumented and only required for compatibility with Python 2. Code should use Python's html.unescape() that was added in Python 3.4.
2019-04-24Removed unnecessary assignments in various code.Jon Dufresne
2019-03-02Refs #30227 -- Added helpful message for non-ASCII Content-Type in mulitpart ↵Tim Graham
request.
2019-03-02Fixed #30227 -- Fixed crash on request without boundary in Content-Type.Tim Graham
2019-02-14Optimized iterator exhaustion using collections.deque().Nick Pope
2019-02-06Refs #27753 -- Favored force/smart_str() over force/smart_text().Aymeric Augustin
2017-12-26Fixed #28930 -- Simplified code with any() and all().Дилян Палаузов
2017-09-22Removed unused eof argument to BoundaryIter._find_boundary().Mariusz Felisiak
Unused since its introduction in d725cc9734272f867d41f7236235c28b3931a1b2.
2017-05-27Fixed #28226 -- Replaced use of str.join() with concatenation.Tom
2017-02-20Refs #27656 -- Updated django.forms/http docstring verbs according to PEP 257.Anton Samarchyan
2017-02-17Fixed #27308 -- Fixed BytesWarnings in the test suite.Tim Graham
2017-01-26Refs #23919, #27778 -- Removed obsolete mentions of unicode.Vytis Banaitis
2017-01-25Corrected http.multipartparser.exhaust() docstring.Tim Graham
MultiPartParserError was removed in ebf34c3cdcd2c75349c60a064427ac255958bf9b.
2017-01-25Removed unused variables that are overwritten.Mads Jensen
2017-01-22Refs #23919 -- Replaced six.reraise by raiseClaude Paroz
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Removed most of remaining six usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed six.PY2/PY3 usageClaude Paroz
Thanks Tim Graham for the review.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-12-07Refs #17235 -- Made MultiPartParser leave request.POST immutable.Vinay Karanam
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-06-05Fixed comment typo in multiparser.pyJon Dufresne
2016-06-04Made style improvements to multipartparser.pyAsif Saifuddin Auvi
2016-05-12Fixed #21231 -- Enforced a max size for GET/POST values read into memory.Andre Cruz
Thanks Tom Christie for review.
2016-05-06Removed HTTP prefixed CONTENT_TYPE/LENGTH headers in MultiPartParser.Tim Graham
The docs say that these headers always appear without the HTTP_ prefix. This may have been an oversight when they were added in d725cc9734272f867d41f7236235c28b3931a1b2, the only commit that uses these names.
2016-05-03Refs #22897 -- Removed unneeded empty string QueryDict argument.Tim Graham
2016-03-07Fixed #26325 -- Made MultiPartParser ignore filenames that normalize to an ↵John-Mark Bell
empty string.
2015-06-17Refs #23763 -- Fixed Python 3.5 PendingDeprecationWarning in LazyStream.Tim Graham
Fixed "PendingDeprecationWarning: generator 'LazyStream.read.<locals>.parts' raised StopIteration" per PEP 0479.
2015-02-06Sorted imports with isort; refs #23860.Tim Graham
2015-01-27Fixed #24209 -- Prevented crash when parsing malformed RFC 2231 headersRaul Cumplido
Thanks Tom Christie for the report and review.