PyPI - python-multipart - Versions diffs - 0.0.20__tar.gz → 0.0.22__tar.gz - Mend

python-multipart 0.0.20tar.gz → 0.0.22tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

{python_multipart-0.0.20 → python_multipart-0.0.22}/CHANGELOG.md RENAMED Viewed

@@ -1,5 +1,13 @@
 # Changelog
+## 0.0.22 (2026-01-25)
+* Drop directory path from filename in `File` [9433f4b](https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4).
+## 0.0.21 (2025-12-17)
+* Add support for Python 3.14 and drop EOL 3.8 and 3.9 [#216](https://github.com/Kludex/python-multipart/pull/216).
 ## 0.0.20 (2024-12-16)
 * Handle messages containing only end boundary [#142](https://github.com/Kludex/python-multipart/pull/142).

{python_multipart-0.0.20 → python_multipart-0.0.22}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-multipart
-Version: 0.0.20
+Version: 0.0.22
 Summary: A streaming multipart parser for Python
 Project-URL: Homepage, https://github.com/Kludex/python-multipart
 Project-URL: Documentation, https://kludex.github.io/python-multipart/
@@ -16,13 +16,13 @@ Classifier: License :: OSI Approved :: Apache Software License
 Classifier: Operating System :: OS Independent
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3 :: Only
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Requires-Python: >=3.8
+Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 # [Python-Multipart](https://kludex.github.io/python-multipart/)

{python_multipart-0.0.20 → python_multipart-0.0.22}/pyproject.toml RENAMED Viewed

@@ -8,7 +8,7 @@ dynamic = ["version"]
 description = "A streaming multipart parser for Python"
 readme = "README.md"
 license = "Apache-2.0"
-requires-python = ">=3.8"
+requires-python = ">=3.10"
 authors = [
     { name = "Andrew Dunham", email = "andrew@du.nham.ca" },
     { name = "Marcelo Trylesinski", email = "marcelotryle@gmail.com" },
@@ -21,17 +21,17 @@ classifiers = [
     'Operating System :: OS Independent',
     'Programming Language :: Python :: 3 :: Only',
     'Programming Language :: Python :: 3',
-    'Programming Language :: Python :: 3.8',
-    'Programming Language :: Python :: 3.9',
     'Programming Language :: Python :: 3.10',
     'Programming Language :: Python :: 3.11',
     'Programming Language :: Python :: 3.12',
+    'Programming Language :: Python :: 3.13',
+    'Programming Language :: Python :: 3.14',
     'Topic :: Software Development :: Libraries :: Python Modules',
 ]
 dependencies = []
-[tool.uv]
-dev-dependencies = [
+[dependency-groups]
+dev = [
     "atomicwrites==1.4.1",
     "attrs==23.2.0",
     "coverage==7.4.4",
@@ -44,7 +44,7 @@ dev-dependencies = [
     "PyYAML==6.0.1",
     "invoke==2.2.0",
     "pytest-timeout==2.3.1",
-    "ruff==0.8.0",
+    "ruff==0.11.7",
     "mypy",
     "types-PyYAML",
     "atheris==2.3.0; python_version <= '3.11'",

{python_multipart-0.0.20 → python_multipart-0.0.22}/python_multipart/__init__.py RENAMED Viewed

@@ -2,7 +2,7 @@
 __author__ = "Andrew Dunham"
 __license__ = "Apache"
 __copyright__ = "Copyright (c) 2012-2013, Andrew Dunham"
-__version__ = "0.0.20"
+__version__ = "0.0.22"
 from .multipart import (
     BaseParser,

{python_multipart-0.0.20 → python_multipart-0.0.22}/python_multipart/decoders.py RENAMED Viewed

@@ -62,7 +62,7 @@ class Base64Decoder:
         # Prepend any cache info to our data.
         if len(self.cache) > 0:
-            data = self.cache + data
+            data = bytes(self.cache) + data
         # Slice off a string that's a multiple of 4.
         decode_len = (len(data) // 4) * 4

{python_multipart-0.0.20 → python_multipart-0.0.22}/python_multipart/multipart.py RENAMED Viewed

@@ -15,9 +15,8 @@ from .decoders import Base64Decoder, QuotedPrintableDecoder
 from .exceptions import FileError, FormParserError, MultipartParseError, QuerystringParseError
 if TYPE_CHECKING:  # pragma: no cover
-    from typing import Any, Callable, Literal, Protocol, TypedDict
-    from typing_extensions import TypeAlias
+    from collections.abc import Callable
+    from typing import Any, Literal, Protocol, TypeAlias, TypedDict
     class SupportsRead(Protocol):
         def read(self, __n: int) -> bytes: ...
@@ -332,7 +331,7 @@ class Field:
         else:
             v = repr(self.value)
-        return "{}(field_name={!r}, value={})".format(self.__class__.__name__, self.field_name, v)
+        return f"{self.__class__.__name__}(field_name={self.field_name!r}, value={v})"
 class File:
@@ -376,7 +375,9 @@ class File:
         # Split the extension from the filename.
         if file_name is not None:
-            base, ext = os.path.splitext(file_name)
+            # Extract just the basename to avoid directory traversal
+            basename = os.path.basename(file_name)
+            base, ext = os.path.splitext(basename)
             self._file_base = base
             self._ext = ext
@@ -570,7 +571,7 @@ class File:
         self._fileobj.close()
     def __repr__(self) -> str:
-        return "{}(file_name={!r}, field_name={!r})".format(self.__class__.__name__, self.file_name, self.field_name)
+        return f"{self.__class__.__name__}(file_name={self.file_name!r}, field_name={self.field_name!r})"
 class BaseParser:
@@ -1241,7 +1242,7 @@ class MultipartParser(BaseParser):
             elif state == MultipartState.HEADER_VALUE_ALMOST_DONE:
                 # The last character should be a LF.  If not, it's an error.
                 if c != LF:
-                    msg = "Did not find LF character at end of header " "(found %r)" % (c,)
+                    msg = f"Did not find LF character at end of header (found {c!r})"
                     self.logger.warning(msg)
                     e = MultipartParseError(msg)
                     e.offset = i
@@ -1715,7 +1716,7 @@ class FormParser:
                 else:
                     self.logger.warning("Unknown Content-Transfer-Encoding: %r", transfer_encoding)
                     if self.config["UPLOAD_ERROR_ON_BAD_CTE"]:
-                        raise FormParserError('Unknown Content-Transfer-Encoding "{!r}"'.format(transfer_encoding))
+                        raise FormParserError(f'Unknown Content-Transfer-Encoding "{transfer_encoding!r}"')
                     else:
                         # If we aren't erroring, then we just treat this as an
                         # unencoded Content-Transfer-Encoding.
@@ -1746,7 +1747,7 @@ class FormParser:
         else:
             self.logger.warning("Unknown Content-Type: %r", content_type)
-            raise FormParserError("Unknown Content-Type: {}".format(content_type))
+            raise FormParserError(f"Unknown Content-Type: {content_type}")
         self.parser = parser
@@ -1776,7 +1777,7 @@ class FormParser:
             self.parser.close()
     def __repr__(self) -> str:
-        return "{}(content_type={!r}, parser={!r})".format(self.__class__.__name__, self.content_type, self.parser)
+        return f"{self.__class__.__name__}(content_type={self.content_type!r}, parser={self.parser!r})"
 def create_form_parser(

{python_multipart-0.0.20 → python_multipart-0.0.22}/tests/compat.py RENAMED Viewed

@@ -8,7 +8,8 @@ import types
 from typing import TYPE_CHECKING
 if TYPE_CHECKING:
-    from typing import Any, Callable
+    from collections.abc import Callable
+    from typing import Any
 def ensure_in_path(path: str) -> None:

python_multipart-0.0.22/tests/test_file.py ADDED Viewed

@@ -0,0 +1,26 @@
+from pathlib import Path
+from python_multipart.multipart import File
+def test_upload_dir_with_leading_slash_in_filename(tmp_path: Path) -> None:
+    upload_dir = tmp_path / "upload"
+    upload_dir.mkdir()
+    # When the file_name provided has a leading slash, we should only use the basename.
+    # This is to avoid directory traversal.
+    to_upload = tmp_path / "foo.txt"
+    file = File(
+        bytes(to_upload),
+        config={
+            "UPLOAD_DIR": bytes(upload_dir),
+            "UPLOAD_KEEP_FILENAME": True,
+            "UPLOAD_KEEP_EXTENSIONS": True,
+            "MAX_MEMORY_FILE_SIZE": 10,
+        },
+    )
+    file.write(b"123456789012")
+    assert not file.in_memory
+    assert Path(upload_dir / "foo.txt").exists()
+    assert Path(upload_dir / "foo.txt").read_bytes() == b"123456789012"

{python_multipart-0.0.20 → python_multipart-0.0.22}/tests/test_multipart.py RENAMED Viewed

@@ -37,7 +37,8 @@ from python_multipart.multipart import (
 from .compat import parametrize, parametrize_class
 if TYPE_CHECKING:
-    from typing import Any, Iterator, TypedDict
+    from collections.abc import Iterator
+    from typing import Any, TypedDict
     from python_multipart.multipart import FieldProtocol, FileConfig, FileProtocol
@@ -1069,7 +1070,9 @@ class TestFormParser(unittest.TestCase):
         self.make("boundary")
         data = b"--Boundary\r\nfoobar"
-        with self.assertRaisesRegex(MultipartParseError, "Expected boundary character %r, got %r" % (b"b"[0], b"B"[0])):
+        with self.assertRaisesRegex(
+            MultipartParseError, "Expected boundary character {!r}, got {!r}".format(b"b"[0], b"B"[0])
+        ):
             self.f.write(data)
     def test_octet_stream(self) -> None: