#28132: File upload crash with "TemporaryFileUploadHandler object has no attribute 'file'" error
-------------------------------------+-------------------------------------
     Reporter:  Michal Čihař         |                    Owner:  nobody
         Type:  Bug                  |                   Status:  new
    Component:  File uploads/storage |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Unreviewed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Andrew Brown):
I worked with Michael to help track this down. In the process, I came up
with this curl command that reproduces the bug. Since the multipart
request parsing happens so early in the request processing, I believe this
will trigger a 500 error on any Django view on any deployment that uses
the default set of file upload handlers.
{{{
curl http://localhost:8080/ \
  -H "Content-Type: multipart/form-data; boundary=BoUnDaRy" \
  --data-binary $'Content-Disposition: form-data; name=\"foo\"; filename=\"foo/\"\r\n\r\nfoo\r\n--BoUnDaRy\r\n' \
  -b csrftoken=foo
}}}
(change the URL to point at your local Django dev server)
Once patched, this command should error out at the lack of a CSRF token in
the form data.
--
Ticket URL: <https://code.djangoproject.com/ticket/28132#comment:8>
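
A way to flag the request shape used in the reproduction above (a file part whose filename ends in a path separator) in captured request bodies or in a pre-filter on unpatched deployments. This is an added example, not code from the ticket or from Django; the function names are hypothetical, the benign sample is constructed, and treating a trailing backslash like a trailing slash is an assumption that goes beyond the single `foo/` case shown in the comment.

```python
import re
from email.parser import BytesParser

# Body taken from the curl command in the comment above (no opening boundary).
REPRO_BODY = (b'Content-Disposition: form-data; name="foo"; filename="foo/"'
              b'\r\n\r\nfoo\r\n--BoUnDaRy\r\n')

# Constructed sample: an ordinary upload plus a plain form field.
BENIGN_BODY = (b'--BoUnDaRy\r\n'
               b'Content-Disposition: form-data; name="doc"; filename="report.txt"\r\n'
               b'Content-Type: text/plain\r\n\r\nhello\r\n'
               b'--BoUnDaRy\r\n'
               b'Content-Disposition: form-data; name="note"\r\n\r\nhi\r\n'
               b'--BoUnDaRy--\r\n')


def upload_filenames(body: bytes, boundary: str):
    """Yield the filename parameter of every part that declares one."""
    # Every chunk is scanned, including the one before the first delimiter,
    # because the reproduction's body starts directly with part headers.
    for chunk in body.split(b"--" + boundary.encode("ascii")):
        chunk = chunk.lstrip(b"\r\n")
        header_block = re.split(rb"\r?\n\r?\n", chunk, maxsplit=1)[0]
        # Skip empty chunks and the "--" that closes the final delimiter.
        if not header_block or header_block.startswith(b"--"):
            continue
        headers = BytesParser().parsebytes(header_block, headersonly=True)
        filename = headers.get_filename()  # None for non-file fields
        if filename is not None:
            yield filename


def suspicious_filenames(body: bytes, boundary: str):
    """Return filenames that are non-empty but end in a path separator."""
    return [name for name in upload_filenames(body, boundary)
            if name.strip().endswith(("/", "\\"))]


if __name__ == "__main__":
    for label, body in (("repro", REPRO_BODY), ("benign", BENIGN_BODY)):
        print(label, suspicious_filenames(body, "BoUnDaRy"))
```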