Diffstat (limited to 'django/http/multipartparser.py')
| -rw-r--r-- | django/http/multipartparser.py | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/django/http/multipartparser.py b/django/http/multipartparser.py
index f6f12ca718..5a9cca89e6 100644
--- a/django/http/multipartparser.py
+++ b/django/http/multipartparser.py
@@ -7,6 +7,7 @@ file upload handlers for processing.
 import base64
 import binascii
 import cgi
+import os
 from urllib.parse import unquote
 from django.conf import settings
@@ -205,7 +206,7 @@ class MultiPartParser:
 file_name = disposition.get('filename')
 if file_name:
 file_name = force_text(file_name, encoding, errors='replace')
- file_name = self.IE_sanitize(unescape_entities(file_name))
+ file_name = self.sanitize_file_name(file_name)
 if not file_name:
 continue
@@ -293,9 +294,13 @@ class MultiPartParser:
 self._files.appendlist(force_text(old_field_name, self._encoding, errors='replace'), file_obj)
 break
- def IE_sanitize(self, filename):
- """Cleanup filename from Internet Explorer full paths."""
- return filename and filename[filename.rfind("\\") + 1:].strip()
+ def sanitize_file_name(self, file_name):
+ file_name = unescape_entities(file_name)
+ # Cleanup Windows-style path separators.
+ file_name = file_name[file_name.rfind('\\') + 1:].strip()
+ return os.path.basename(file_name)
+
+ IE_sanitize = sanitize_file_name
 def _close_files(self):
 # Free up all file handles. |
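Review bot: `sanitize_file_name` in the third hunk can still return `.` or `..`, because `os.path.basename()` passes a bare dot segment through unchanged and the caller's `if not file_name: continue` in the second hunk only skips empty values. Whether such a name is harmful depends on how upload handlers and storage later join it to a directory, which this diff does not show, but the parser is the natural place to reject it. I would end the method with `file_name = os.path.basename(file_name)` and `return None if file_name in {'.', '..'} else file_name`, which the existing falsy check at the call site then handles. The new method also dropped the docstring the old `IE_sanitize` had; a one-line docstring such as `"""Unescape HTML entities and strip any directory part from an uploaded file name."""` would document that the `IE_sanitize` alias now unescapes entities too. The enclosing `MultiPartParser` class starts and ends outside these hunks.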
