MCPcopy
hub / github.com/django/django / validate_file_name

Function validate_file_name

django/core/files/utils.py:7–23  ·  view source on GitHub ↗
(name, allow_relative_path=False)

Source from the content-addressed store, hash-verified

5
6
7def validate_file_name(name, allow_relative_path=False):
8 # Remove potentially dangerous names
9 if os.path.basename(name) in {"", ".", ".."}:
10 raise SuspiciousFileOperation("Could not derive file name from '%s'" % name)
11
12 if allow_relative_path:
13 # Ensure that name can be treated as a pure posix path, i.e. Unix
14 # style (with forward slashes).
15 path = pathlib.PurePosixPath(str(name).replace("\\", "/"))
16 if path.is_absolute() or ".." in path.parts:
17 raise SuspiciousFileOperation(
18 "Detected path traversal attempt in '%s'" % name
19 )
20 elif name != os.path.basename(name):
21 raise SuspiciousFileOperation("File name '%s' includes path elements" % name)
22
23 return name
24
25
26class FileProxyMixin:

Callers 4

_set_nameMethod · 0.90
saveMethod · 0.90
get_available_nameMethod · 0.90
generate_filenameMethod · 0.90

Calls 1

Tested by

no test coverage detected