Hopiu/django-downloadview
1
0
Fork 0
mirror of https://github.com/jazzband/django-downloadview.git synced 2026-03-16 22:40:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
408 commits 4 branches 18 tags 910 KiB
Commit graph

116 commits

Author SHA1 Message Date
pre-commit-ci[bot]
73f9c013cd [pre-commit.ci] auto fixes from pre-commit.com hooks 
for more information, see https://pre-commit.ci
 2025-10-20 19:50:02 +00:00
Rémy HUBSCHER
711b2e50b5
Run pre-commit on all files 2024-08-05 10:53:19 +02:00
Rémy HUBSCHER
18cb41f760
Merge pull request #211 from tari/196-rfd 
Guard against reflected file download
 2024-08-05 10:26:15 +02:00
Rémy HUBSCHER
1b294f00fa
Merge pull request #212 from sevdog/xaccel-headers 
Allow XResponses to keep original headers provided to base response
 2024-08-05 10:23:48 +02:00
Davide
51deef0a7e
Allow XResponses to keep original headers provided to base response 2024-08-01 08:35:53 +02:00
Peter Marheine
0568c3c559 Prevent reflected file downloads on specially-named files 
This fixes #196, where it was observed that django_downloadview
was vulnerable to reflected file download attacks with
specially-named files, similar to CVE-2022-36359 in Django.
This change adopts the same replacement rules as used in Django's fix
in commit b3e4494d759202a3b6bf247fd34455bf13be5b80.
 2024-08-01 06:24:00 +00:00
Peter Marheine
71488c49c4
Merge pull request #204 from sevdog/fix-realdownload-check 
Use safer check in RealDownloadMiddleware
 2024-08-01 09:53:07 +10:00
Davide
d385cbba6f
Use hasattr to check if any of required attribute is present 2024-07-31 16:18:20 +02:00
Peter Marheine
60c1839bf5 Replace use of pkg_resources (setuptools) 
Since Python 3.12, setuptools isn't included with Python
and importlib is the recommended replacement, available
since Python 3.8.
 2024-07-31 11:41:25 +00:00
Peter Marheine
16b241d9b5
Merge pull request #206 from sevdog/upgrade-middleware-doc 
Update usage of middleware settings
 2024-07-30 22:07:22 +10:00
Davide
c51720296a
Update references to middleware settings 2024-07-30 13:01:56 +02:00
Davide
ff5073d00b
Use python3 super and remove useless method re-definitions 2023-09-26 11:26:43 +02:00
Mariusz Felisiak
293403b807 Removed passing unused size parameter to was_modified_since(). 
The size parameter is unused because we pass timestamp and not the
If-Modified-Since HTML header.
 2022-03-14 20:38:28 +01:00
Peter Marheine
198f6a3295 Update compatibility for Django 4.0 
The only meaningful change is removing use of `force_text` (which was
deprecated in Django 3.0) in favor of `force_str` (which has existed
since before Django 1.11). On Python 3 there is no functional difference
between the two.
 2021-12-23 13:05:46 +11:00
Peter Marheine
a64a0e8c33 Split DownloadDispatcherMiddleware into two classes 
Instantiating a middleware but not using it as a middleware was a
strange behavior, so this change splits the dispatching out to another
class with a more specialized API and uses that middleware.
 2021-12-23 13:05:45 +11:00
Peter Marheine
0ab8aa3e8f Stop using django.util.deprecation.MiddlewareMixin 
That class is intended primarily for compatibility with Pre-1.10
middleware, and recently gained a check that get_response is not None.
This package ensures an unexpecified `get_response` function is never
called on its own, so it's simplest to manually implement the middleware
API.
 2021-12-23 13:05:45 +11:00
Peter Marheine
95b36fc843 Import ABCs from collections.abc, not collections 
The types in collections.abc were moved from just collections in Python
3.3, and Python 3.10 removed the old aliases. We no longer support
Python versions earlier than 3.3 and need to support 3.10, so update the
import.
 2021-12-23 10:27:14 +11:00
Rémy HUBSCHER
6cd9ec3dd0
Fix test. 2020-09-18 10:50:26 +02:00
Tim Gates
e2da75ec9d
docs: Fix simple typo, instanciate -> instantiate 
There is a small typo in django_downloadview/middlewares.py.

Should read `instantiate` rather than `instanciate`.
 2020-03-08 18:03:42 +11:00
Aleksi Häkli
aacb5c7a16
Fix missing function parameter 2020-01-13 17:23:54 +02:00
Rémy HUBSCHER
bfb9c3cedb
Fix flake8 errors. 2020-01-13 10:46:14 +01:00
Aleksi Häkli
839b7bda38
Add signed file system storage 
Fixes #138
 2020-01-13 11:25:40 +02:00
Rémy HUBSCHER
c59cc37a0f
Validate black and isort on travis. 2020-01-07 15:55:44 +01:00
Rémy HUBSCHER
56e419bfc7
Add isort config. 2020-01-07 15:51:55 +01:00
Rémy HUBSCHER
8dad97c92d
Fix flake8 2020-01-07 15:42:04 +01:00
Rémy HUBSCHER
af30524bd2
Remove u'' in front of strings. 2020-01-07 15:21:34 +01:00
Rémy HUBSCHER
6c7c8d9a60
Add isort support. 2020-01-07 15:19:22 +01:00
Rémy HUBSCHER
b094ed6cec
Add black support. 2020-01-07 15:12:51 +01:00
Rémy HUBSCHER
b893e52eba
Remove support for Python 2.7 2020-01-07 15:01:26 +01:00
Fabre Florian
ac1e4dc9ce Fix StorageFile compatibility & some lint issues 2020-01-07 11:34:51 +01:00
Fabre Florian
0ad5e1238a Fix middleware compatibility issues 2020-01-07 11:09:25 +01:00
Benoît Bryon
56214264f1 HTTPFile has 'content_type' property. Allows HTTPDownloadView to proxy Content-Type header. Refs #116 2016-03-14 17:05:32 +01:00
Benoît Bryon
08031dab21 Improved support of Python-3.5 and Django-1.9. Refs #112, refs #113. 2016-03-14 15:40:13 +01:00
Benoît Bryon
bdf8e6e368 Psycho-rebased work of @benesch and @zerc on top of master. 2015-07-20 18:14:08 +02:00
zero13cool
bf7b0f23fd Refs #104 - Convert datetime to unix timestamp 2015-07-16 22:00:27 +03:00
René Leonhardt
75b51ce214 Avoid calling get_path() twice inside get_file 
Overridden PathDownloadView.get_path() may contain database lookups and logging which should not be called twice if not necessary, as it was in my case.
Because the acquired filename does not change inside get_file(), I replaced the duplicate call.
 2015-07-14 12:03:52 +02:00
Benoît Bryon
5fa0a6caea Psycho-rebased branch 87-double-quoted-filename on top of master 2015-06-13 00:57:44 +02:00
Benoît Bryon
2d04d30ba4 Refs #97 - Code style. 2015-06-12 20:51:51 +02:00
Benoît Bryon
d122c68455 Refs #97 - Splitted StringIteratorIO into TextIteratorIO and BytesIteratorIO. StringIteratorIO remains for backward compatibility. 2015-06-12 16:47:46 +02:00
Benoît Bryon
c54131db6e Refs #98 - Moved tests outside django-downloadview package, i.e. in tests/ folder at project root. 2015-06-12 15:42:50 +02:00
Benoît Bryon
047745f084 Refs #97 - HTTPFile proxies decoded file wrapper (was undecoded urllib3 file wrapper). 2015-06-11 17:02:18 +02:00
CJ
fbb0f30f2a refs #87 quotes for ascii filename to fix doctest 2014-06-06 12:07:12 -04:00
CJ
3b124f0cdb refs #87 quotes for ascii filename to fix doctest 2014-06-06 11:59:50 -04:00
CJ
d7073be658 refs #87 assert_basename test failing 
Added quotes to assert_basename test.
 2014-06-06 11:49:30 -04:00
CJ
616c822b6c refs #87 Quotes around ascii filename, not utf-8 
Updated the test to go with my change.
 2014-06-06 10:37:54 -04:00
CJ
77166d2969 refs #87 Quotes around ascii filename, not utf-8 2014-06-06 10:37:04 -04:00
CJ
1407c0cc4e Tests updated for double quotes around filename 2014-06-06 09:58:37 -04:00
CJ
7b2d8215e6 Filename surrounded by double quotes. 
Chrome will give a Duplicate Header error if a file name has a comma in it, and the file name is not surrounded by  double quotes.
 2014-06-06 09:55:20 -04:00
Benoît Bryon
5c262dfa52 Fixed compliance to latest flake8. 2014-03-31 16:53:17 +02:00
Benoît Bryon
eeaabd2a37 Refs #80 - Added a test around demo's 'object:inline_file' URL. 2014-03-03 08:15:46 +01:00