forked from jazzband/django-downloadview
Prevent reflected file downloads on specially-named files
This fixes jazzband#196, where it was observed that django_downloadview was vulnerable to reflected file download attacks with specially-named files, similar to CVE-2022-36359 in Django. This change adopts the same replacement rules as used in Django's fix in commit b3e4494d759202a3b6bf247fd34455bf13be5b80.
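As an added illustration (not the commit's own diff), the escaping rule that Django's fix applies to the Content-Disposition header, shown beside the unescaped form it replaces; `quoted_filename` is a constructed helper that reads the header back the way a quoted-string parser would, so the difference is visible.

```python
from urllib.parse import quote


def naive_content_disposition(filename, as_attachment=True):
    """Pre-fix shape: the filename is dropped verbatim inside the quotes,
    so a double quote in the name terminates the parameter early."""
    disposition = "attachment" if as_attachment else "inline"
    return f'{disposition}; filename="{filename}"'


def content_disposition(filename, as_attachment=True):
    """Replacement rules from Django's fix: escape backslashes and double
    quotes inside the quoted-string; non-ASCII names use the RFC 5987
    filename* form instead of the quoted-string."""
    disposition = "attachment" if as_attachment else "inline"
    try:
        filename.encode("ascii")
        escaped = filename.replace("\\", "\\\\").replace('"', r"\"")
        file_expr = f'filename="{escaped}"'
    except UnicodeEncodeError:
        file_expr = "filename*=utf-8''{}".format(quote(filename))
    return f"{disposition}; {file_expr}"


def quoted_filename(header_value):
    """Constructed check: return the filename a quoted-string parser sees
    (honouring backslash escapes), or None if no quoted filename exists."""
    marker = 'filename="'
    start = header_value.find(marker)
    if start == -1:
        return None
    i = start + len(marker)
    out = []
    while i < len(header_value):
        ch = header_value[i]
        if ch == "\\" and i + 1 < len(header_value):
            out.append(header_value[i + 1])
            i += 2
            continue
        if ch == '"':
            return "".join(out)
        out.append(ch)
        i += 1
    return None


if __name__ == "__main__":
    name = 'quarterly "final".pdf'  # constructed sample filename
    print(naive_content_disposition(name), "->", quoted_filename(naive_content_disposition(name)))
    print(content_disposition(name), "->", quoted_filename(content_disposition(name)))
```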