mixkorshun / django-safe-filefield

Secure file field, which allows you to restrict uploaded file extensions.
MIT License
53 stars 10 forks source link

'FieldFile' object has no attribute 'content_type' #4

Open tylerecouture opened 6 years ago

tylerecouture commented 6 years ago

I'm getting this error when trying to use a SafeFileField

Any idea what the problem might be?

Here's the field declaration:

custom_stylesheet = SafeFileField(null=True, blank=True, upload_to=user_directory_path, allowed_extensions=('css',))

Here's the error:

Request Method: POST http://127.0.0.1:8000/profiles/1/edit/ 1.11.6 AttributeError 'FieldFile' object has no attribute 'content_type' .../python3.4/site-packages/safe_filefield/validators.py in call, line 66

Stack trace ends with:

.../python3.4/site-packages/safe_filefield/validators.py in __call__
 66.                   ext in mimetypes.guess_all_extensions(file.content_type)

Local Vars

Variable Value
__ 'custom'
detected_content_type 'text/plain'
ext '.css'
file
self <safe_filefield.validators.FileContentTypeValidator object at 0x7f3d09c05630>
mixkorshun commented 6 years ago

I don't have any idea what it can be.

Can you provide code of form and view classes which reproduce the error?

trixden commented 6 years ago

I have that error in Django 1.11.7.

avatar = SafeFileField(upload_to=get_file_path, blank=True, null=True, verbose_name='Аватар',
        allowed_extensions=('jpg', 'jpeg', 'png', 'gif'))

I take this error in Django admin interface

trixden commented 6 years ago

Error is hided, when i set check_content_type=False

dpenztech commented 5 years ago

I see that nsurbay fixed this issue in a commit on May 25, 2018. I found the problem still exists in the version in pypi, came here to research, replaced validators.py with the one from this site, and the error is gone. Thanks for the fix nsurbay! mixkorshun, can you see that pypi gets updated?

nathando commented 4 years ago

But there is also no new release after that fix ?

oguzhancelikarslan commented 4 years ago

Error is hided, when i set check_content_type=False

you don't want to do that. if you set check_content_type=False you almost remove the most important security layer in this app. You should not depend on only file extension validation.