Macintosh-HW/RASCSI
1
0
Fork 0
mirror of https://github.com/akuker/RASCSI.git synced 2024-12-25 18:32:56 +00:00
Code Issues Projects Releases Wiki Activity

Revert to previous upload code, but keeping the secure filename improvement

Browse Source
This commit is contained in:
Daniel Markstedt 2021-09-21 16:55:08 -07:00
parent e33e5c0560
commit c2be764aa6
2 changed files with 27 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/web/templates/index.html
View File

@ -172,7 +172,7 @@
<table style="border: none"> <table style="border: none">
<tr style="border: none"> <tr style="border: none">
<td style="border: none; vertical-align:top;"> <td style="border: none; vertical-align:top;">
<form action="/files/upload" method="post" enctype="multipart/form-data"> <form id="uploadForm" action="/files/upload/" onchange="fileSelect(event)" method="post" enctype="multipart/form-data">
<label for="file">File:</label> <label for="file">File:</label>
<input type="file" name="file" accept="{{valid_file_suffix}}" /> <input type="file" name="file" accept="{{valid_file_suffix}}" />
<input type="submit" value="Upload" /> <input type="submit" value="Upload" />
@ -181,6 +181,13 @@
</tr> </tr>
</table> </table>
<p><small>Supported file types: {{valid_file_suffix}}</small></p> <p><small>Supported file types: {{valid_file_suffix}}</small></p>
<script>
function fileSelect(e) {
document.getElementById("uploadForm").setAttribute('action', "/files/upload/" + e.target.files[0].name)
console.log(e.target.files[0].name);
}
</script>
<hr/> <hr/>

39
src/web/web.py
View File

@ -483,31 +483,30 @@ def download_img():
return redirect(url_for("index")) return redirect(url_for("index"))
@app.route("/files/upload", methods=["POST"]) @app.route("/files/upload/<filename>", methods=["POST"])
def upload_file(): def upload_file(filename):
if 'file' not in request.files: if not filename:
flash("No file part in request.", "error") flash("No file provided.", "error")
return redirect(url_for("index"))
f = request.files["file"]
if f.filename == "":
flash("No file selected.", "error")
return redirect(url_for("index")) return redirect(url_for("index"))
from werkzeug.utils import secure_filename
from os import path from os import path
filename = secure_filename(f.filename) from werkzeug.utils import secure_filename
filepath = path.join(app.config["UPLOAD_FOLDER"], filename) file_path = path.join(app.config["UPLOAD_FOLDER"], secure_filename(filename))
if path.isfile(filepath): if path.isfile(file_path):
flash(f"{filename} already exists.", "error") flash(f"{filename} already exists.", "error")
return redirect(url_for("index")) return redirect(url_for("index"))
else:
try: from io import DEFAULT_BUFFER_SIZE
f.save(filepath) binary_new_file = "bx"
flash(f"File {filename} successfully uploaded to {base_dir} !") with open(file_path, binary_new_file, buffering=DEFAULT_BUFFER_SIZE) as f:
return redirect(url_for("index")) chunk_size = DEFAULT_BUFFER_SIZE
except: while True:
flash(f"Failed to upload {filename} !") chunk = request.stream.read(chunk_size)
return redirect(url_for("index")) if len(chunk) == 0:
break
f.write(chunk)
# TODO: display an informative success message
return redirect(url_for("index", filename=filename))
@app.route("/files/create", methods=["POST"]) @app.route("/files/create", methods=["POST"])