def determine_upload_path(instance, filename):
chunk_size = 1000 # max files per directory
path = getattr(settings, 'USER_AVATAR_PATH', 'images/profiles/')
path = path.lstrip('/').rstrip('/')
return "%(path)s/%(filename)s" % {
'path': path,
'filename': safe_filename(filename)
}
def determine_upload_path(instance, filename):
chunk_size = 1000 # max files per directory
path = getattr(settings, 'USER_AVATAR_PATH', 'images/profiles/')
path = path.lstrip('/').rstrip('/')
return "%(path)s/%(filename)s" % {
'path': path,
'filename': safe_filename(filename)
}
def determine_upload_path(instance, filename):
chunk_size = 1000 # max files per directory
path = getattr(settings, "USER_AVATAR_PATH", "images/profiles/")
path = path.lstrip("/").rstrip("/")
return "%(path)s/%(partition)d/%(filename)s" % {
"path": path,
"partition": get_partition_id(instance.pk, chunk_size),
"filename": safe_filename(filename),
}
def test_filenames_malicious_extension(self):
"""Ensure malicious users can't trick file encoding."""
safe_name = utils.safe_filename('fdasfdsa.index.php')
name, ext = os.path.splitext(safe_name)
assert ext == '.php'
def run_battery(filename):
safe_name = utils.safe_filename(filename)
name, ext = os.path.splitext(safe_name)
assert safe_name != filename
assert len(safe_name) == 32 + len(ext)
assert isinstance(safe_name, str)
def test_filenames_malicious_extension(self):
"""Ensure malicious users can't trick file encoding."""
safe_name = utils.safe_filename('fdasfdsa.index.php')
name, ext = os.path.splitext(safe_name)
assert ext == '.php'
def run_battery(filename):
safe_name = utils.safe_filename(filename)
name, ext = os.path.splitext(safe_name)
assert safe_name != filename
assert len(safe_name) == 32 + len(ext)
assert isinstance(safe_name, str)