From fb4c55d9ec4bb812a7fb91fa20510d91645e411b Mon Sep 17 00:00:00 2001
From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Date: Thu, 13 Apr 2023 10:10:56 +0200
Subject: Fixed CVE-2023-31047, Fixed #31710 -- Prevented potential bypass of
 validation when uploading multiple files using one form field.

Thanks Moataz Al-Sharida and nawaik for reports.

Co-authored-by: Shai Berger <shai@platonix.com>
Co-authored-by: nessita <124304+nessita@users.noreply.github.com>
---
 tests/forms_tests/widget_tests/test_clearablefileinput.py | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'tests/forms_tests/widget_tests/test_clearablefileinput.py')

diff --git a/tests/forms_tests/widget_tests/test_clearablefileinput.py b/tests/forms_tests/widget_tests/test_clearablefileinput.py
index 8d5f0c5f98..53b84cc0ec 100644
--- a/tests/forms_tests/widget_tests/test_clearablefileinput.py
+++ b/tests/forms_tests/widget_tests/test_clearablefileinput.py
@@ -245,3 +245,8 @@ class ClearableFileInputTest(WidgetTest):
             '<input type="file" name="clearable_file" id="id_clearable_file"></div>',
             form.render(),
         )
+
+    def test_multiple_error(self):
+        msg = "ClearableFileInput doesn't support uploading multiple files."
+        with self.assertRaisesMessage(ValueError, msg):
+            ClearableFileInput(attrs={"multiple": True})
-- 
cgit v1.3