Hopiu/django-downloadview
1
0
Fork 0
mirror of https://github.com/jazzband/django-downloadview.git synced 2026-05-25 15:43:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
django-downloadview/tests
History
Peter Marheine 0568c3c559 Prevent reflected file downloads on specially-named files 
This fixes #196, where it was observed that django_downloadview
was vulnerable to reflected file download attacks with
specially-named files, similar to CVE-2022-36359 in Django.
This change adopts the same replacement rules as used in Django's fix
in commit b3e4494d759202a3b6bf247fd34455bf13be5b80.
2024-08-01 06:24:00 +00:00
..
__init__.py Refs #98 - Added __init__ script in tests/ folder. 2015-06-12 16:52:33 +02:00
api.py Update references to middleware settings 2024-07-30 13:01:56 +02:00
io.py Remove u'' in front of strings. 2020-01-07 15:21:34 +01:00
packaging.py Replace use of pkg_resources (setuptools) 2024-07-31 11:41:25 +00:00
response.py Prevent reflected file downloads on specially-named files 2024-08-01 06:24:00 +00:00
sendfile.py Add isort config. 2020-01-07 15:51:55 +01:00
signature.py Fix flake8 errors. 2020-01-13 10:46:14 +01:00
views.py Removed passing unused size parameter to was_modified_since(). 2022-03-14 20:38:28 +01:00