mirror of
https://github.com/akuker/RASCSI.git
synced 2025-01-12 16:30:23 +00:00
Revert to previous upload code, but keeping the secure filename improvement
This commit is contained in:
parent
e33e5c0560
commit
c2be764aa6
@ -172,7 +172,7 @@
|
||||
<table style="border: none">
|
||||
<tr style="border: none">
|
||||
<td style="border: none; vertical-align:top;">
|
||||
<form action="/files/upload" method="post" enctype="multipart/form-data">
|
||||
<form id="uploadForm" action="/files/upload/" onchange="fileSelect(event)" method="post" enctype="multipart/form-data">
|
||||
<label for="file">File:</label>
|
||||
<input type="file" name="file" accept="{{valid_file_suffix}}" />
|
||||
<input type="submit" value="Upload" />
|
||||
@ -181,6 +181,13 @@
|
||||
</tr>
|
||||
</table>
|
||||
<p><small>Supported file types: {{valid_file_suffix}}</small></p>
|
||||
<script>
|
||||
function fileSelect(e) {
|
||||
document.getElementById("uploadForm").setAttribute('action', "/files/upload/" + e.target.files[0].name)
|
||||
console.log(e.target.files[0].name);
|
||||
}
|
||||
</script>
|
||||
|
||||
|
||||
<hr/>
|
||||
|
||||
|
@ -483,31 +483,30 @@ def download_img():
|
||||
return redirect(url_for("index"))
|
||||
|
||||
|
||||
@app.route("/files/upload", methods=["POST"])
|
||||
def upload_file():
|
||||
if 'file' not in request.files:
|
||||
flash("No file part in request.", "error")
|
||||
return redirect(url_for("index"))
|
||||
f = request.files["file"]
|
||||
if f.filename == "":
|
||||
flash("No file selected.", "error")
|
||||
@app.route("/files/upload/<filename>", methods=["POST"])
|
||||
def upload_file(filename):
|
||||
if not filename:
|
||||
flash("No file provided.", "error")
|
||||
return redirect(url_for("index"))
|
||||
|
||||
from werkzeug.utils import secure_filename
|
||||
from os import path
|
||||
filename = secure_filename(f.filename)
|
||||
filepath = path.join(app.config["UPLOAD_FOLDER"], filename)
|
||||
if path.isfile(filepath):
|
||||
from werkzeug.utils import secure_filename
|
||||
file_path = path.join(app.config["UPLOAD_FOLDER"], secure_filename(filename))
|
||||
if path.isfile(file_path):
|
||||
flash(f"{filename} already exists.", "error")
|
||||
return redirect(url_for("index"))
|
||||
else:
|
||||
try:
|
||||
f.save(filepath)
|
||||
flash(f"File {filename} successfully uploaded to {base_dir} !")
|
||||
return redirect(url_for("index"))
|
||||
except:
|
||||
flash(f"Failed to upload {filename} !")
|
||||
return redirect(url_for("index"))
|
||||
|
||||
from io import DEFAULT_BUFFER_SIZE
|
||||
binary_new_file = "bx"
|
||||
with open(file_path, binary_new_file, buffering=DEFAULT_BUFFER_SIZE) as f:
|
||||
chunk_size = DEFAULT_BUFFER_SIZE
|
||||
while True:
|
||||
chunk = request.stream.read(chunk_size)
|
||||
if len(chunk) == 0:
|
||||
break
|
||||
f.write(chunk)
|
||||
# TODO: display an informative success message
|
||||
return redirect(url_for("index", filename=filename))
|
||||
|
||||
|
||||
@app.route("/files/create", methods=["POST"])
|
||||
|
Loading…
x
Reference in New Issue
Block a user