mirror of
https://github.com/akuker/RASCSI.git
synced 2024-12-22 15:30:09 +00:00
Revert to previous upload code, but keeping the secure filename improvement
This commit is contained in:
parent
f6a8ee2e03
commit
e5d9f9522e
@ -172,7 +172,7 @@
|
|||||||
<table style="border: none">
|
<table style="border: none">
|
||||||
<tr style="border: none">
|
<tr style="border: none">
|
||||||
<td style="border: none; vertical-align:top;">
|
<td style="border: none; vertical-align:top;">
|
||||||
<form action="/files/upload" method="post" enctype="multipart/form-data">
|
<form id="uploadForm" action="/files/upload/" onchange="fileSelect(event)" method="post" enctype="multipart/form-data">
|
||||||
<label for="file">File:</label>
|
<label for="file">File:</label>
|
||||||
<input type="file" name="file" accept="{{valid_file_suffix}}" />
|
<input type="file" name="file" accept="{{valid_file_suffix}}" />
|
||||||
<input type="submit" value="Upload" />
|
<input type="submit" value="Upload" />
|
||||||
@ -181,6 +181,13 @@
|
|||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<p><small>Supported file types: {{valid_file_suffix}}</small></p>
|
<p><small>Supported file types: {{valid_file_suffix}}</small></p>
|
||||||
|
<script>
|
||||||
|
function fileSelect(e) {
|
||||||
|
document.getElementById("uploadForm").setAttribute('action', "/files/upload/" + e.target.files[0].name)
|
||||||
|
console.log(e.target.files[0].name);
|
||||||
|
}
|
||||||
|
</script>
|
||||||
|
|
||||||
|
|
||||||
<hr/>
|
<hr/>
|
||||||
|
|
||||||
|
@ -483,31 +483,30 @@ def download_img():
|
|||||||
return redirect(url_for("index"))
|
return redirect(url_for("index"))
|
||||||
|
|
||||||
|
|
||||||
@app.route("/files/upload", methods=["POST"])
|
@app.route("/files/upload/<filename>", methods=["POST"])
|
||||||
def upload_file():
|
def upload_file(filename):
|
||||||
if 'file' not in request.files:
|
if not filename:
|
||||||
flash("No file part in request.", "error")
|
flash("No file provided.", "error")
|
||||||
return redirect(url_for("index"))
|
|
||||||
f = request.files["file"]
|
|
||||||
if f.filename == "":
|
|
||||||
flash("No file selected.", "error")
|
|
||||||
return redirect(url_for("index"))
|
return redirect(url_for("index"))
|
||||||
|
|
||||||
from werkzeug.utils import secure_filename
|
|
||||||
from os import path
|
from os import path
|
||||||
filename = secure_filename(f.filename)
|
from werkzeug.utils import secure_filename
|
||||||
filepath = path.join(app.config["UPLOAD_FOLDER"], filename)
|
file_path = path.join(app.config["UPLOAD_FOLDER"], secure_filename(filename))
|
||||||
if path.isfile(filepath):
|
if path.isfile(file_path):
|
||||||
flash(f"{filename} already exists.", "error")
|
flash(f"{filename} already exists.", "error")
|
||||||
return redirect(url_for("index"))
|
return redirect(url_for("index"))
|
||||||
else:
|
|
||||||
try:
|
from io import DEFAULT_BUFFER_SIZE
|
||||||
f.save(filepath)
|
binary_new_file = "bx"
|
||||||
flash(f"File {filename} successfully uploaded to {base_dir} !")
|
with open(file_path, binary_new_file, buffering=DEFAULT_BUFFER_SIZE) as f:
|
||||||
return redirect(url_for("index"))
|
chunk_size = DEFAULT_BUFFER_SIZE
|
||||||
except:
|
while True:
|
||||||
flash(f"Failed to upload {filename} !")
|
chunk = request.stream.read(chunk_size)
|
||||||
return redirect(url_for("index"))
|
if len(chunk) == 0:
|
||||||
|
break
|
||||||
|
f.write(chunk)
|
||||||
|
# TODO: display an informative success message
|
||||||
|
return redirect(url_for("index", filename=filename))
|
||||||
|
|
||||||
|
|
||||||
@app.route("/files/create", methods=["POST"])
|
@app.route("/files/create", methods=["POST"])
|
||||||
|
Loading…
Reference in New Issue
Block a user