Beispiel #1
0
def determine_upload_path(instance, filename):
    chunk_size = 1000  # max files per directory
    path = getattr(settings, 'USER_AVATAR_PATH', 'images/profiles/')
    path = path.lstrip('/').rstrip('/')
    return "%(path)s/%(filename)s" % {
        'path': path,
        'filename': safe_filename(filename)
    }
Beispiel #2
0
def determine_upload_path(instance, filename):
    chunk_size = 1000  # max files per directory
    path = getattr(settings, 'USER_AVATAR_PATH', 'images/profiles/')
    path = path.lstrip('/').rstrip('/')
    return "%(path)s/%(filename)s" % {
        'path': path,
        'filename': safe_filename(filename)
    }
Beispiel #3
0
def determine_upload_path(instance, filename):
    chunk_size = 1000  # max files per directory
    path = getattr(settings, "USER_AVATAR_PATH", "images/profiles/")
    path = path.lstrip("/").rstrip("/")
    return "%(path)s/%(partition)d/%(filename)s" % {
        "path": path,
        "partition": get_partition_id(instance.pk, chunk_size),
        "filename": safe_filename(filename),
    }
Beispiel #4
0
 def test_filenames_malicious_extension(self):
     """Ensure malicious users can't trick file encoding."""
     safe_name = utils.safe_filename('fdasfdsa.index.php')
     name, ext = os.path.splitext(safe_name)
     assert ext == '.php'
Beispiel #5
0
 def run_battery(filename):
     safe_name = utils.safe_filename(filename)
     name, ext = os.path.splitext(safe_name)
     assert safe_name != filename
     assert len(safe_name) == 32 + len(ext)
     assert isinstance(safe_name, str)
Beispiel #6
0
 def test_filenames_malicious_extension(self):
     """Ensure malicious users can't trick file encoding."""
     safe_name = utils.safe_filename('fdasfdsa.index.php')
     name, ext = os.path.splitext(safe_name)
     assert ext == '.php'
Beispiel #7
0
 def run_battery(filename):
     safe_name = utils.safe_filename(filename)
     name, ext = os.path.splitext(safe_name)
     assert safe_name != filename
     assert len(safe_name) == 32 + len(ext)
     assert isinstance(safe_name, str)