CGM_Public/pretix_original
2
0
Fork 1
mirror of https://github.com/pretix/pretix.git synced 2026-05-03 14:54:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade to Django 3.2 (#2056)

Browse Source
This commit is contained in:
Raphael Michel
2021-05-07 12:00:30 +02:00
committed by GitHub
parent 0a7a3537eb
commit 403b8191e4
120 changed files with 1994 additions and 1555 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/pretix/base/models/base.py
View File

@@ -36,7 +36,13 @@ from pretix.helpers.json import CustomJSONEncoder
def cachedfile_name(instance, filename: str) -> str:
secret = get_random_string(length=12)
return 'cachedfiles/%s.%s.%s' % (instance.id, secret, filename.split('.')[-1])
return '%s.%s.%s' % (instance.id, secret, filename.split('.')[-1])
def _cachedfile_name(instance, filename: str) -> str:
# This was previously combined with cachedfile_name in one function, but a security patch for Django introduced
# additional file name validation in May 2021, and this was the best way to fix it without breaking plugins.
return 'cachedfiles/' + cachedfile_name(instance, filename)
class CachedFile(models.Model):
@@ -48,7 +54,7 @@ class CachedFile(models.Model):
date = models.DateTimeField(null=True, blank=True)
filename = models.CharField(max_length=255)
type = models.CharField(max_length=255)
file = models.FileField(null=True, blank=True, upload_to=cachedfile_name, max_length=255)
file = models.FileField(null=True, blank=True, upload_to=_cachedfile_name, max_length=255)
web_download = models.BooleanField(default=True) # allow web download, True for backwards compatibility in plugins
session_key = models.TextField(null=True, blank=True) # only allow download in this session