changeset 135:f299232c82e8

Perform basic validation on snippet file uploads, to prevent users from uploading binary files. This is not a complete fix.
author dellsystem <ilostwaldo@gmail.com>
date Sat, 22 Sep 2012 12:39:37 -0400
parents 3a850f49eea6
children 9a99feacf8a3
files apps/snippet/forms.py
diffstat 1 files changed, 9 insertions(+), 1 deletions(-) [+]
--- a/apps/snippet/forms.py	Sat Sep 22 12:38:44 2012 -0400
+++ b/apps/snippet/forms.py	Sat Sep 22 12:39:37 2012 -0400
@@ -61,7 +61,15 @@
 
         if file_data:
             file_data.open()
-            cleaned_data['content'] = file_data.read()
+            content_type = file_data.content_type
+
+            # Do some very basic checking of types. NOT SECURE.
+            if (content_type.startswith('text/') or
+                content_type.startswith('application')):
+                cleaned_data['content'] = file_data.read()
+            else:
+                raise forms.ValidationError(_("Please ensure that you upload \
+                    a text file."))
         elif not content:
             # No snippet data specified
             raise forms.ValidationError(_("Please specify some content for \
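Review bot: The added `if` trusts `file_data.content_type`, which (assuming `file_data` is Django's uploaded-file object) is the Content-Type the client declared, and `content_type.startswith('application')` also admits `application/octet-stream`, `application/zip` and similar, so binary uploads still pass. Validating the bytes is more reliable than the declared type: read the data, reject it if it contains a NUL byte or does not decode as UTF-8, and only then store it, as sketched below. The backslash continuation inside the `_()` string also embeds the next line's indentation in the message and its translation id; adjacent string literals avoid that. The enclosing clean method starts and ends outside the hunk, so any upload size limit applied elsewhere is not visible here.

```python
        if file_data:
            file_data.open()
            raw = file_data.read()

            # The declared content type is client-controlled; check the bytes.
            try:
                raw.decode('utf-8')
                is_text = b'\x00' not in raw
            except UnicodeDecodeError:
                is_text = False

            if not is_text:
                raise forms.ValidationError(
                    _("Please ensure that you upload a text file."))
            cleaned_data['content'] = raw
        # … unchanged: elif not content branch …
```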