It's only getting stuck in part of the loop because you're not putting an action 
after the phrase you said you are passionate against CVE of 23 and you are 
trying to use it as a JPEG image but then you would have to clarify where the 
JPEG image needs to resonate to you're just having it boot loop over and over 
again because you're just telling it to go nowhere I'll fix for you in just a 
second.

________________________________
From: django-users@googlegroups.com <django-users@googlegroups.com> on behalf 
of optimusprime fig <stuartbealesoftw...@gmail.com>
Sent: Monday, June 12, 2023 4:15:33 PM
To: django-users@googlegroups.com <django-users@googlegroups.com>
Subject: Re: Demonstration of patching against CVE-2023-31047

Thank you! I have tried patching to 4.2.1 which disallows the multiple to be 
set as True on the form widget. However, I have struggled to get a working 
implementation up that allows multiple images of a certain file type only to be 
uploaded. I am now able to accidentally allow all file types up even without 
one file of the required file type as per the app pre-patch. I.e. pre-patch, 
the form, if submitted with at least one file of the required types, e.g. a 
JPG, would pass validation and allow potentially harmful file types up onto the 
server alongside it. Now I can upload all file types regardless.

Is it best to scrap all multiple file upload implementations that are set to 
True for multiple once a patch such as this has been released? And basically 
start from scratch, adding in appropriate validation for each file, say as part 
of a loop?

Thanks!

On Mon, 12 Jun 2023 at 20:47, Sebastian Jung <sebastian.ju...@gmail.com> wrote:
Use django >= 4.2.1

 https://security.snyk.io/vuln/SNYK-UBUNTU2204-PYTHONDJANGO-5492023

5t00 <stuartbealesoftw...@gmail.com> wrote on Mon, 12 June 2023, 20:32:
Hi all,

I am new to Django and am looking to demonstrate how the application of a 
Django patch can prevent against multiple file uploads in light of the 
recognised vulnerability outlined in CVE-2023-31047.

If anyone is able to point me towards any simple examples of multiple file 
upload app tutorials or GitHub repositories that would have worked pre-patch, 
and how they might be updated to allow for multiple file uploads whereby all 
files are validated safely post-patch, that would be greatly appreciated!

Thanks in advance :)

--
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to 
django-users+unsubscr...@googlegroups.com<mailto:django-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/2b457b78-8ed0-4ff7-a7e3-ac7f620583f3n%40googlegroups.com<https://groups.google.com/d/msgid/django-users/2b457b78-8ed0-4ff7-a7e3-ac7f620583f3n%40googlegroups.com?utm_medium=email&utm_source=footer>.
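
Added example, not part of the thread and not Django's own code: a framework-independent sketch of the "validate each file in a loop" idea raised above, next to the flawed pattern where only one file of the batch is inspected. All function names, the size limit and the sample uploads are assumptions constructed for illustration.

```python
from pathlib import PurePosixPath

JPEG_MAGIC = b"\xff\xd8\xff"            # every JPEG stream starts with these bytes
ALLOWED_EXTENSIONS = {".jpg", ".jpeg"}
MAX_BYTES = 5 * 1024 * 1024             # assumed per-file size limit


def check_one(name, content):
    """Return the list of problems for one uploaded file (empty list = OK)."""
    problems = []
    if PurePosixPath(name).suffix.lower() not in ALLOWED_EXTENSIONS:
        problems.append("extension not allowed")
    if not content.startswith(JPEG_MAGIC):
        problems.append("content is not JPEG")
    if len(content) > MAX_BYTES:
        problems.append("file too large")
    return problems


def validate_batch(uploads):
    """Check every (name, bytes) pair; accept only if all files pass.

    Returns (accepted, errors), where errors maps file name -> problems.
    """
    if not uploads:
        return False, {"": ["no files submitted"]}
    errors = {}
    for name, content in uploads:
        problems = check_one(name, content)
        if problems:
            errors[name] = problems
    return (not errors), errors


def validate_last_only(uploads):
    """Flawed pattern: one file is inspected, the rest are accepted unchecked."""
    return not check_one(*uploads[-1])


# Constructed sample batch: two real-looking JPEGs around two unwanted files.
SAMPLE = [
    ("holiday.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16),
    ("notes.jpg", b"<html>not an image</html>"),   # right extension, wrong content
    ("tool.exe", b"MZ\x90\x00"),
    ("cover.JPEG", JPEG_MAGIC + b"\xe1" + b"\x00" * 16),
]

if __name__ == "__main__":
    print("last-only check accepts batch:", validate_last_only(SAMPLE))
    print("per-file check:", validate_batch(SAMPLE))
```

The magic-byte test only confirms the file starts like a JPEG; a real application would additionally decode the image (for example with Pillow) before storing it.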
