type_defect | by jennifer@painless-security.com
The SubmissionBaseUploadForm performs filename/path validation that adds validation errors via add_error() to allow multiple validation errors to be reported. Even if this fails, code later in the clean() method creates a file using that path. This should not happen - the invalid filename should not be used to create a file.
Issue migrated from trac:3539 at 2022-03-04 09:27:21 +0000
type_defect| by jennifer@painless-security.comThe
SubmissionBaseUploadFormperforms filename/path validation that adds validation errors viaadd_error()to allow multiple validation errors to be reported. Even if this fails, code later in theclean()method creates a file using that path. This should not happen - the invalid filename should not be used to create a file.Issue migrated from trac:3539 at 2022-03-04 09:27:21 +0000