X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/b658810bd0ea529e2412fdc33e5848278863d1b7..88fad1d1faee3291f3c74deb3ec4e089b134d51a:/apps/fileupload/views.py diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py index d08bfd32..a2025fe7 100644 --- a/apps/fileupload/views.py +++ b/apps/fileupload/views.py @@ -4,6 +4,7 @@ from urllib import quote from django.conf import settings from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden, Http404 from django.utils.decorators import method_decorator +from django.utils.encoding import smart_bytes from django.views.decorators.vary import vary_on_headers from django.views.generic import FormView, View from .forms import UploadForm @@ -19,7 +20,7 @@ else: def thumbnail(relpath): try: return default.backend.get_thumbnail(relpath, "x50").url - except IOError: + except (IOError, ValueError): # That's not an image. No thumb. return None @@ -74,9 +75,10 @@ class UploadView(FormView): Makes sure it's inside MEDIA_ROOT. """ + filename = smart_bytes(filename) path = os.path.abspath(os.path.join( settings.MEDIA_ROOT, - self.get_directory(), + smart_bytes(self.get_directory()), filename)) if not path.startswith(settings.MEDIA_ROOT): raise Http404