Hopiu/django-downloadview
1
0
Fork 0
mirror of https://github.com/jazzband/django-downloadview.git synced 2026-03-16 22:40:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
408 commits 4 branches 18 tags 910 KiB
Commit graph

30 commits

Author SHA1 Message Date
Rémy HUBSCHER
711b2e50b5
Run pre-commit on all files 2024-08-05 10:53:19 +02:00
Peter Marheine
0568c3c559 Prevent reflected file downloads on specially-named files 
This fixes #196, where it was observed that django_downloadview
was vulnerable to reflected file download attacks with
specially-named files, similar to CVE-2022-36359 in Django.
This change adopts the same replacement rules as used in Django's fix
in commit b3e4494d759202a3b6bf247fd34455bf13be5b80.
 2024-08-01 06:24:00 +00:00
Davide
ff5073d00b
Use python3 super and remove useless method re-definitions 2023-09-26 11:26:43 +02:00
Rémy HUBSCHER
c59cc37a0f
Validate black and isort on travis. 2020-01-07 15:55:44 +01:00
Rémy HUBSCHER
6c7c8d9a60
Add isort support. 2020-01-07 15:19:22 +01:00
Rémy HUBSCHER
b094ed6cec
Add black support. 2020-01-07 15:12:51 +01:00
Rémy HUBSCHER
b893e52eba
Remove support for Python 2.7 2020-01-07 15:01:26 +01:00
CJ
fbb0f30f2a refs #87 quotes for ascii filename to fix doctest 2014-06-06 12:07:12 -04:00
CJ
3b124f0cdb refs #87 quotes for ascii filename to fix doctest 2014-06-06 11:59:50 -04:00
CJ
77166d2969 refs #87 Quotes around ascii filename, not utf-8 2014-06-06 10:37:04 -04:00
CJ
7b2d8215e6 Filename surrounded by double quotes. 
Chrome will give a Duplicate Header error if a file name has a comma in it, and the file name is not surrounded by  double quotes.
 2014-06-06 09:55:20 -04:00
Benoît Bryon
5c262dfa52 Fixed compliance to latest flake8. 2014-03-31 16:53:17 +02:00
Benoît Bryon
7875999fe2 Refs #80 - Improved documentation about 'DownnloadMixin.attachment' attribute. 2014-03-03 07:49:30 +01:00
Benoît Bryon
70c6b00442 Refs #46 - Fixed Python 2 and Python 3 compatibility in doctests related to string/unicode. 2014-02-25 00:47:20 +01:00
Rémy HUBSCHER
1ea2790ba9 Refs #46 -- Add Py3 support. 2014-02-16 19:13:44 +01:00
Benoît Bryon
d587c515f0 Refs #74 - Switched to tox as test-environment manager. Added flake8 to the test suite. Dropped python 2.6 tests. Makefile no longer creates a virtualenv. 2014-02-10 01:27:14 +01:00
Benoît Bryon
6dd090757a Refs #41 - Added 'mimetype' and 'encoding' arguments to 'DownloadMixin' => supported all arguments of original sendfile() function. Added documentation about migrating from django-sendfile to django-downloadview. 2013-11-29 00:55:46 +01:00
Benoît Bryon
8b44724c90 Refs #36 - Introduced support of Apache X-Sendfile. 2013-11-26 09:30:19 +01:00
Benoît Bryon
f2d5a92b99 Refs #7 - Urlencoded non US-ASCII characters in Content-Disposition header (file name). 2013-11-18 12:12:02 +01:00
Benoît Bryon
874f3b9b54 Refs #25, refs #39, refs #40, refs #42 - Big refactoring in documentation and demo: narrative documentation uses examples from demo project. 2013-10-28 16:58:18 +01:00
Benoît Bryon
4547cc2f90 Refs #42 - Ignored Content-Length header for generated files. 2013-10-21 15:02:37 +02:00
Benoît Bryon
588b1b0a6e Introduced DownloadDispatcherMiddleware and settings.DOWNLOADVIEW_MIDDLEWARES. Deprecated most options for former global XAccelRedirectMiddleware. Splitted nginx module into a package. Introduced BaseDownloadMiddleware. 2013-10-04 18:11:16 +02:00
Benoît Bryon
5a3ff57e23 Refs #13 - Using Django's StreamingHttpResponse. Requires Django>=1.5. Introduced django_downloadview.test.assert_download_response(). 2013-03-20 16:00:20 +01:00
Rémy HUBSCHER
d4dfbcffbe Come back baby come back 2013-02-05 16:49:43 +01:00
Rémy HUBSCHER
f9fe4f3a2f Improve DownloadView for cStringIO file download response 2013-02-05 10:51:11 +01:00
Benoît Bryon
a012b11e97 Refs #21 and refs #23 - Download view passes a file wrapper to download response. The file wrapper encapsulates file attributes such as name, size or URL (introduced URL). 2012-12-13 19:01:50 +01:00
Benoît Bryon
4f29852ddb Reviewed documentation. Preparing first public release. 2012-12-04 11:47:37 +01:00
Benoit Bryon
e5a36a4b41 Introduced DownloadResponse.url. Not used yet. 2012-11-22 10:29:09 +01:00
Benoit Bryon
46542cdc3c Refs #3 - Introduced base decorators and middlewares. 2012-11-19 14:41:52 +01:00
Benoit Bryon
5a432dc700 Refs #3 - Introduced DownloadResponse. 2012-11-19 14:41:52 +01:00