Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-30 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Henry Dang
         Type:  Cleanup/optimization  |                   Status:  closed
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:  fixed
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------

Comment (by Tim Graham):

 In [changeset:"e6262aaaf8066f2de8aadcc9561941ae64478cef" e6262aaa]:
 {{{
 #!CommitTicketReference repository=""
 revision="e6262aaaf8066f2de8aadcc9561941ae64478cef"
 Refs #27358 -- Removed invalid/unneeded FileField.upload_to in tests/docs.
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.16737ac473badd9ada5c850920113baf%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.


Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-29 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Henry Dang
         Type:  Cleanup/optimization  |                   Status:  closed
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:  fixed
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Tim Graham):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"7cddd8a02e60332c0d02f565c450b0eea0d88438" 7cddd8a]:
 {{{
 #!CommitTicketReference repository=""
 revision="7cddd8a02e60332c0d02f565c450b0eea0d88438"
 Fixed #27358 -- Added a system check to prevent FileField's upload_to from
 starting with a slash.

 Thanks Frank Bijlsma for the initial patch.
 }}}



Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-28 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Henry Dang
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------

Comment (by Tim Graham):

 François, I'm not sure how/if your idea is related to this ticket?



Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-26 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Henry Dang
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------

Comment (by François Freitag):

 Would it be interesting to check for known potentially dangerous filenames
 [#point1 (1)], such as {{{../index.html}}}?

 [=#point1 (1)] https://www.owasp.org/index.php/Unrestricted_File_Upload#Other_Interesting_Test_Cases



Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-26 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Henry Dang
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Henry Dang):

 * needs_better_patch:  1 => 0


Comment:

 [https://github.com/django/django/pull/7621 PR]



Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-23 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Henry Dang
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  1
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Henry Dang):

 * owner:  Frank => Henry Dang




Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-11-05 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Frank
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  1
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Olivier Tabone):

 * cc: olivier.tabone@… (added)




Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-10-27 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Frank
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  1                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  1
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Tim Graham):

 * needs_better_patch:  0 => 1
 * has_patch:  0 => 1


Comment:

 [https://github.com/django/django/pull/7442 PR] with comments for
 improvement.



Re: [Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-10-18 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
--------------------------------------+--------------------------------------
     Reporter:  Tim Graham            |                    Owner:  Frank
         Type:  Cleanup/optimization  |                   Status:  assigned
    Component:  Core (System checks)  |                  Version:  1.10
     Severity:  Normal                |               Resolution:
     Keywords:                        |             Triage Stage:  Accepted
    Has patch:  0                     |      Needs documentation:  0
  Needs tests:  0                     |  Patch needs improvement:  0
Easy pickings:  1                     |                    UI/UX:  0
--------------------------------------+--------------------------------------
Changes (by Frank):

 * status:  new => assigned
 * owner:  nobody => Frank




[Django] #27358: Add a system check for FileField upload_to starting with a slash

2016-10-17 Thread Django
#27358: Add a system check for FileField upload_to starting with a slash
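------------------------------------------------+------------------------
               Reporter:  Tim Graham            |          Owner:  nobody
                   Type:  Cleanup/optimization  |         Status:  new
              Component:  Core (System checks)  |        Version:  1.10
               Severity:  Normal                |       Keywords:
           Triage Stage:  Accepted              |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  1
                  UI/UX:  0                     |
------------------------------------------------+------------------------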
 A leading slash in `upload_to`
 [http://www.pkshiu.com/loft/archive/2008/05/django-tip-no-leading-slash-for-upload_to-for-filefield-and-imagefield seems to be a gotcha]
 for some people new to Django (just came up in #django too).

 The message could be something like "Remove the leading slash on upload_to
 as it should be a relative path."

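An added example, not Django's own code and not part of the ticket: a standalone sketch of the check the ticket asks for, plus a runtime containment test that also covers the `../index.html` case raised in the thread. `MEDIA_ROOT`, the field names and the helper functions are assumptions made for the illustration; the error text is the wording proposed in the ticket description.

```python
import posixpath

MEDIA_ROOT = "/srv/app/media"  # assumed storage root, constructed for this example

# Wording proposed in the ticket description.
MESSAGE = "Remove the leading slash on upload_to as it should be a relative path."


def resolve(upload_to, filename, root=MEDIA_ROOT):
    """Path produced by plain joining; an absolute component discards the root."""
    return posixpath.normpath(posixpath.join(root, upload_to, filename))


def stays_under_root(upload_to, filename, root=MEDIA_ROOT):
    """Runtime containment test: does the resolved path remain inside root?"""
    return resolve(upload_to, filename, root).startswith(root.rstrip("/") + "/")


def check_upload_to(field_name, upload_to):
    """Static check for one field; callables are skipped, only strings are inspected."""
    if isinstance(upload_to, str) and upload_to.startswith("/"):
        return ["%s: %s" % (field_name, MESSAGE)]
    return []


def audit(fields):
    """Run the static check over a {field_name: upload_to} mapping."""
    errors = []
    for name, upload_to in sorted(fields.items()):
        errors.extend(check_upload_to(name, upload_to))
    return errors


# Constructed field definitions (hypothetical names).
FIELDS = {
    "Report.attachment": "/reports/%Y/",      # leading slash: flagged
    "Profile.avatar": "avatars/",             # relative: accepted
    "Invoice.pdf": lambda inst, name: name,   # callable: not inspected
}

if __name__ == "__main__":
    for line in audit(FIELDS):
        print(line)
    print(resolve("/reports", "q3.pdf"))                    # root is discarded
    print(stays_under_root("avatars", "../../index.html"))  # escapes the root
```

The static check catches the misconfiguration at startup, while the containment test is the kind of guard that has to run per upload, since a filename is only known at request time.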