mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-10 00:03:24 +00:00
Fix CVE-2023-31047
parent
e681c17a0f
commit
e1bf7caa9a
@ -79,12 +79,37 @@ def send_file(request, file_id, file_class=SithFile, file_attr="file"):
|
|||||||
return response
|
return response
|
||||||
|
|
||||||
|
|
||||||
|
class MultipleFileInput(forms.ClearableFileInput):
|
||||||
|
allow_multiple_selected = True
|
||||||
|
|
||||||
|
|
||||||
|
class _MultipleFieldMixin:
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
kwargs.setdefault("widget", MultipleFileInput())
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
|
||||||
|
def clean(self, data, initial=None):
|
||||||
|
single_file_clean = super().clean
|
||||||
|
if isinstance(data, (list, tuple)):
|
||||||
|
result = [single_file_clean(d, initial) for d in data]
|
||||||
|
else:
|
||||||
|
result = [single_file_clean(data, initial)]
|
||||||
|
return result
|
||||||
|
|
||||||
|
|
||||||
|
class MultipleFileField(_MultipleFieldMixin, forms.FileField):
|
||||||
|
...
|
||||||
|
|
||||||
|
|
||||||
|
class MultipleImageField(_MultipleFieldMixin, forms.ImageField):
|
||||||
|
...
|
||||||
|
|
||||||
|
|
||||||
class AddFilesForm(forms.Form):
|
class AddFilesForm(forms.Form):
|
||||||
folder_name = forms.CharField(
|
folder_name = forms.CharField(
|
||||||
label=_("Add a new folder"), max_length=30, required=False
|
label=_("Add a new folder"), max_length=30, required=False
|
||||||
)
|
)
|
||||||
file_field = forms.FileField(
|
file_field = MultipleFileField(
|
||||||
widget=forms.ClearableFileInput(attrs={"multiple": True}),
|
|
||||||
label=_("Files"),
|
label=_("Files"),
|
||||||
required=False,
|
required=False,
|
||||||
)
|
)
|
||||||
|
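Review bot: `_MultipleFieldMixin.clean` now returns a list for every input shape, and its `else` branch wraps whatever the single-file clean returns, which for an optional field with nothing submitted is presumably `None`, so callers can receive `[None]`. The code that consumes `AddFilesForm.file_field` (and `SASForm.images`, which this commit changes the same way) is outside the hunk. It should store uploads only after `form.is_valid()` has passed and should skip empty entries, otherwise the per-file validation added here does not gate what gets saved. A one-line docstring on `clean` would make the contract explicit, for example `"""Validate each uploaded file separately and return the results as a list."""`.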
@ -20,7 +20,7 @@ homepage = "https://ae.utbm.fr/"
|
|||||||
license = "GPL-3.0-only"
|
license = "GPL-3.0-only"
|
||||||
|
|
||||||
[tool.poetry.dependencies]
|
[tool.poetry.dependencies]
|
||||||
python = "^3.10,<3.12"
|
python = "^3.10,<3.12" # Version is held back by mistune
|
||||||
Django = "^3.2"
|
Django = "^3.2"
|
||||||
Pillow = "^9.2"
|
Pillow = "^9.2"
|
||||||
mistune = "^0.8.4"
|
mistune = "^0.8.4"
|
||||||
|
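Review bot: `Django = "^3.2"` still admits Django releases that predate the fix for CVE-2023-31047, and on those the `allow_multiple_selected` attribute this commit relies on is presumably ignored, so the widget would hand the field a single file again. The lock file is not shown, so the installed version may already be patched, but the constraint itself should state the floor: `Django = "^3.2.19"` (the 3.2-series release listed in Django's advisory for this CVE).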
@ -30,7 +30,7 @@ from ajax_select import make_ajax_field
|
|||||||
from ajax_select.fields import AutoCompleteSelectMultipleField
|
from ajax_select.fields import AutoCompleteSelectMultipleField
|
||||||
|
|
||||||
from core.views import CanViewMixin, CanEditMixin
|
from core.views import CanViewMixin, CanEditMixin
|
||||||
from core.views.files import send_file, FileView
|
from core.views.files import send_file, FileView, MultipleImageField
|
||||||
from core.models import SithFile, User, Notification, RealGroup
|
from core.models import SithFile, User, Notification, RealGroup
|
||||||
|
|
||||||
from sas.models import Picture, Album, PeoplePictureRelation
|
from sas.models import Picture, Album, PeoplePictureRelation
|
||||||
@ -40,8 +40,7 @@ class SASForm(forms.Form):
|
|||||||
album_name = forms.CharField(
|
album_name = forms.CharField(
|
||||||
label=_("Add a new album"), max_length=30, required=False
|
label=_("Add a new album"), max_length=30, required=False
|
||||||
)
|
)
|
||||||
images = forms.ImageField(
|
images = MultipleImageField(
|
||||||
widget=forms.ClearableFileInput(attrs={"multiple": True}),
|
|
||||||
label=_("Upload images"),
|
label=_("Upload images"),
|
||||||
required=False,
|
required=False,
|
||||||
)
|
)
|
||||||
|
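Review bot: `MultipleImageField` is a form field, yet the new import takes it from `core.views.files`, so this forms code now depends on a views module for a validation primitive. Moving `MultipleFileInput`, `_MultipleFieldMixin` and the two field classes into a forms/fields module in `core` and importing from there would keep the upload-validation code in one obvious place and would likely reduce the risk of import cycles between the view modules. The module layout is not visible on this page, so the exact target module is for the maintainers to choose.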