Merge branch 'django-cms:master' into master

fsbraun · web-flow · commit 7ab5565e6486 · 2024-08-09T10:56:03.000+02:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -2,12 +2,22 @@
 CHANGELOG
 =========
 
-3.1.3 (2025-05-17)
+3.1.4 (2024-07-15)
+==================
+
+* feat: Accept new `STORAGES` setting, introduced in Django 4.2 by @fsbraun in https://github.com/django-cms/django-filer/pull/1472
+* feat: Replace `render` with `TemplateResponse` in admin views by @fsbraun in https://github.com/django-cms/django-filer/pull/1473
+* fix: File expand url incorrect and worked not with custom image models by @fsbraun in https://github.com/django-cms/django-filer/pull/1471
+* fix: Crash when moving files from a filtered directory listing by @W1ldPo1nter in https://github.com/django-cms/django-filer/pull/1482
+* ci: pre-commit autoupdate by @pre-commit-ci in https://github.com/django-cms/django-filer/pull/1477
+
+
+3.1.3 (2024-05-17)
 ==================
 * Fix: Folder select widget did not render correctly with standard Django admin
   styles.
 
-3.1.2 (2025-05-17)
+3.1.2 (2024-05-17)
 ==================
 
 * Made the filer check command compatible with custom image models.
diff --git a/filer/__init__.py b/filer/__init__.py
@@ -13,4 +13,4 @@
  8. Publish the release and it will automatically release to pypi
 """
 
-__version__ = '3.1.3'
+__version__ = '3.1.4'
diff --git a/filer/admin/folderadmin.py b/filer/admin/folderadmin.py
@@ -321,14 +321,13 @@ def directory_listing(self, request, folder_id=None, viewtype=None):
         order_by = request.GET.get('order_by', None)
         order_by_annotation = None
         if order_by is None:
-            file_qs = file_qs.annotate(coalesce_sort_field=Coalesce(
+            order_by_annotation = Lower(Coalesce(
                 Case(
                     When(name__exact='', then=None),
                     When(name__isnull=False, then='name')
                 ),
                 'original_filename'
             ))
-            order_by_annotation = Lower('coalesce_sort_field')
 
         order_by = order_by.split(',') if order_by else []
         order_by = [field for field in order_by
diff --git a/filer/models/abstract.py b/filer/models/abstract.py
@@ -1,11 +1,13 @@
 import logging
 
 from django.conf import settings
+from django.core.checks import Warning, register as register_check
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils.functional import cached_property
 from django.utils.translation import gettext_lazy as _
 
+
 import easy_thumbnails.utils
 from easy_thumbnails.VIL import Image as VILImage
 from PIL.Image import MAX_IMAGE_PIXELS
@@ -24,10 +26,24 @@
 # as if we allow it, it will fail while thumbnailing (first in the admin thumbnails
 # and then in the page itself.
 # Refer this https://github.com/python-pillow/Pillow/blob/b723e9e62e4706a85f7e44cb42b3d838dae5e546/src/PIL/Image.py#L3148
-FILER_MAX_IMAGE_PIXELS = min(
-    getattr(settings, "FILER_MAX_IMAGE_PIXELS", MAX_IMAGE_PIXELS),
-    MAX_IMAGE_PIXELS,
-)
+FILER_MAX_IMAGE_PIXELS = getattr(settings, "FILER_MAX_IMAGE_PIXELS", MAX_IMAGE_PIXELS)
+if MAX_IMAGE_PIXELS is not None:
+    FILER_MAX_IMAGE_PIXELS = min(FILER_MAX_IMAGE_PIXELS, MAX_IMAGE_PIXELS)
+
+
+@register_check()
+def max_pixel_setting_check(app_configs, **kwargs):
+    if not FILER_MAX_IMAGE_PIXELS:
+        return [
+            Warning(
+                "Both settings.FILER_MAX_IMAGE_PIXELS and PIL.Image.MAX_IMAGE_PIXELS are not set.",
+                hint="Set FILER_MAX_IMAGE_PIXELS to a positive integer value in your settings.py. "
+                     "This setting is used to limit the maximum number of pixels an image can have "
+                     "to protect your site from memory bombs.",
+                obj=settings,
+            )
+        ]
+    return []
 
 
 class BaseImage(File):
@@ -130,7 +146,7 @@ def clean(self):
         # the image gets attached to a folder and saved. We also
         # send the error msg in the JSON and also post the message
         # so that they know what is wrong with the image they uploaded
-        if not self.file:
+        if not self.file or not FILER_MAX_IMAGE_PIXELS:
             return
 
         if self._width is None or self._height is None:
diff --git a/tests/test_admin.py b/tests/test_admin.py
@@ -565,6 +565,33 @@ def test_filer_ajax_decompression_bomb(self):
 
         abstract.FILER_MAX_IMAGE_PIXELS = DEFAULT_MAX_IMAGE_PIXELS
 
+    def test_filer_max_pixel_deactivation(self):
+        from django.core.checks import Warning
+
+        DEFAULT_MAX_IMAGE_PIXELS = abstract.FILER_MAX_IMAGE_PIXELS
+        abstract.FILER_MAX_IMAGE_PIXELS = None  # Deactivate
+
+        self.assertEqual(Image.objects.count(), 0)
+        folder = Folder.objects.create(name='foo')
+        with open(self.filename, 'rb') as fh:
+            file_obj = django.core.files.File(fh)
+            url = reverse(
+                'admin:filer-ajax_upload',
+                kwargs={'folder_id': folder.pk}
+            ) + '?filename=%s' % self.image_name
+            self.client.post(
+                url,
+                data=file_obj.read(),
+                content_type='image/jpeg',
+                **{'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest'}
+            )
+        self.assertEqual(Image.objects.count(), 1)  # Success
+        check_result = abstract.max_pixel_setting_check(None)
+        self.assertEqual(len(check_result), 1)
+        self.assertIsInstance(check_result[0], Warning)
+
+        abstract.FILER_MAX_IMAGE_PIXELS = DEFAULT_MAX_IMAGE_PIXELS
+
     def test_filer_ajax_upload_file_using_content_type(self):
         self.assertEqual(Image.objects.count(), 0)
         folder = Folder.objects.create(name='foo')
