#28132: File upload crash with "TemporaryFileUploadHandler object has no
attribute
'file'" error
-------------------------------------+-------------------------------------
Reporter: Michal Čihař | Owner: nobody
Type: Bug | Status: new
Component: File | Version: master
uploads/storage |
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Michael Brown):
* cc: Michael Brown (added)
* status: closed => new
* has_patch: 0 => 1
* version: 1.10 => master
* resolution: needsinfo =>
Comment:
I figured out how to reproduce this bug. It occurs whenever an uploaded
filename ends in "/".
I have a pull request open here:
https://github.com/django/django/pull/13035
This is caused by a blank filename after it is sanitized. Although
MultiPartParser.parse() sanitizes and checks for empty filenames before
handling the uploaded file, the filename can later be blank after it is
sanitized in django.core.files.uploadedfile.UploadedFile._set_name.
For UploadedFile objects, the truthiness is False when filename is blank,
so the MemoryFileUploadHandler returns an object that evaluates to False.
In MultiPartParser.handle_file_complete, the return value from
handler.file_complete() is checked for truthiness. That handler is
erroneously skipped because of the blank filename and the next handler is
called, even though the next handler never had new_file() called on it.
My patch adds another sanitize step for the filename in
MultiPartParser.parse(), which is the same step performed in UploadedFile:
{{{
file_name = os.path.basename(file_name)
}}}
It also checks for None instead of truthiness to determine when handlers
are skipped in MultiPartParser.handle_file_complete():
{{{
file_obj = handler.file_complete(counters[i])
- if file_obj:
+ if file_obj is not None:
}}}
I don't think any documentation updates are needed, since the docs for
FileUploadHandler.file_complete() say "Handlers may also return None to
indicate that the UploadedFile object should come from subsequent upload
handlers." I don't know if this could be a backward compatibility problem
for 3rd-party code though.
--
Ticket URL: <https://code.djangoproject.com/ticket/28132#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/063.faf4c3eb5496bfbe64b92c173973f261%40djangoproject.com.
