Bump importlib_metadata to 7

Bump version to 2023.8.1
CachedFileField: Do not store file that does not pass validation
2025-12-05 21:32:28 +00:00 · 2024-02-21 15:23:27 +01:00 · 2024-02-21 15:03:18 +01:00 · 2024-02-21 15:03:09 +01:00 · 2024-02-21 15:03:09 +01:00 · 2024-02-21 15:03:09 +01:00
4 changed files with 21 additions and 9 deletions
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -59,7 +59,7 @@ dependencies = [
  "dnspython==2.3.*",
  "drf_ujson2==1.7.*",
  "geoip2==4.*",
-  "importlib_metadata==6.*",  # Polyfill, we can probably drop this once we require Python 3.10+
+  "importlib_metadata==7.*",  # Polyfill, we can probably drop this once we require Python 3.10+
  "isoweek",
  "jsonschema",
  "kombu==5.3.*",
--- a/src/pretix/init.py
+++ b/src/pretix/init.py
@@ -19,4 +19,4 @@
 # You should have received a copy of the GNU Affero General Public License along with this program.  If not, see
 # <https://www.gnu.org/licenses/>.
 #
-__version__ = "2023.8.0"
+__version__ = "2023.8.1"
--- a/src/pretix/control/forms/init.py
+++ b/src/pretix/control/forms/init.py
@@ -219,15 +219,17 @@ class ExtValidationMixin:

    def clean(self, *args, **kwargs):
        data = super().clean(*args, **kwargs)
-        if isinstance(data, UploadedFile):
-            filename = data.name
+
+        from ...base.models import CachedFile
+        if isinstance(data, (UploadedFile, CachedFile)):
+            filename = data.name if isinstance(data, UploadedFile) else data.filename
            ext = os.path.splitext(filename)[1]
            ext = ext.lower()
            if ext not in self.ext_whitelist:
                raise forms.ValidationError(_("Filetype not allowed!"))

            if ext in IMAGE_EXTS:
-                validate_uploaded_file_for_valid_image(data)
+                validate_uploaded_file_for_valid_image(data if isinstance(data, UploadedFile) else data.file)

        return data

@@ -257,6 +259,12 @@ class CachedFileField(ExtFileField):
        if isinstance(data, File):
            if hasattr(data, '_uploaded_to'):
                return data._uploaded_to
+
+            try:
+                self.clean(data)
+            except ValidationError:
+                return None
+
            cf = CachedFile.objects.create(
                expires=now() + datetime.timedelta(days=1),
                date=now(),
@@ -268,6 +276,9 @@ class CachedFileField(ExtFileField):
            cf.save()
            data._uploaded_to = cf
            return cf
+        if isinstance(data, CachedFile):
+            return data
+
        return super().bound_data(data, initial)

    def clean(self, *args, **kwargs):
--- a/src/pretix/helpers/images.py
+++ b/src/pretix/helpers/images.py
@@ -44,11 +44,12 @@ def validate_uploaded_file_for_valid_image(f):
    # have to read the data into memory.
    if hasattr(f, 'temporary_file_path'):
        file = f.temporary_file_path()
+    elif hasattr(f, 'read'):
+        if hasattr(f, 'seek') and callable(f.seek):
+            f.seek(0)
+        file = BytesIO(f.read())
    else:
-        if hasattr(f, 'read'):
-            file = BytesIO(f.read())
-        else:
-            file = BytesIO(f['content'])
+        file = BytesIO(f['content'])

    try:
        try:
Author	SHA1	Message	Date
Raphael Michel	4013d71b3c	Bump importlib_metadata to 7	2024-02-21 15:23:27 +01:00
Raphael Michel	04c75557ff	Bump version to 2023.8.1	2024-02-21 15:03:18 +01:00
Raphael Michel	33fa62d6ac	CachedFileField: Do not store file that does not pass validation	2024-02-21 15:03:09 +01:00
Mira Weller	b6e27c8854	forms: fix image file upload in CachedFileField	2024-02-21 15:03:09 +01:00
Mira Weller	f23ea6386e	forms: fix bound data retrieval of CachedFile when re-submitting a form a second time, the cached file got lost	2024-02-21 15:03:09 +01:00
Mira Weller	4ddd3acae9	forms: fix file type validation on CachedFileInput	2024-02-21 15:03:09 +01:00