Mercurial > hg > uploader

annotate uploader/handlers.py @ 18:cc5f567ce840

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
make it safe
author Jeff Hammel <jhammel@mozilla.com>
date Sat, 16 Jul 2011 17:41:53 -0700
parents d15f85eb2ab9
children 4da97e040145
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
1 import os
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
2 from urlparse import urlparse
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
3 from webob import Response, exc
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
4
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
5 class Handler(object):
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
6 def __init__(self, app, request):
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
7 self.app = app
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
8 self.request = request
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
9 self.application_path = urlparse(request.application_url)[2]
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
10
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
11 def link(self, path=(), permanant=False):
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
12 if isinstance(path, basestring):
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
13 path = [ path ]
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
14 path = [ i.strip('/') for i in path ]
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
15 if permanant:
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
16 application_url = [ self.request.application_url ]
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
17 else:
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
18 application_url = [ self.application_path ]
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
19 path = application_url + path
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
20 return '/'.join(path)
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
21
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
22 def redirect(self, location):
13
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
23 return exc.HTTPSeeOther(location=location)
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
24
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
25 class Get(Handler):
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
26
13
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
27 form = """<form name="upload_form" method="post" enctype="multipart/form-data">
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
28 <input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>"""
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
29
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
30 @classmethod
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
31 def match(cls, app, request):
7
a8c60480fce0 make query_string argument more universal
k0s <k0scist@gmail.com>
parents: 6
diff changeset
32 if app.query_string and (app.query_string not in request.GET):
a8c60480fce0 make query_string argument more universal
k0s <k0scist@gmail.com>
parents: 6
diff changeset
33 return False
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
34 return request.method == 'GET'
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
35
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
36 def __call__(self):
13
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
37 form = "<html><body>"
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
38 if 'uploaded' in self.request.GET:
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
39 form += '<div>%s uploaded successfully</div>' % self.request.GET['uploaded']
17
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
40 form += self.form
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
41 if self.app.display_contents:
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
42 contents = os.listdir(self.app.directory)
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
43 if contents:
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
44 contents.sort()
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
45 form += '<div><i>Currently uploaded:<ul><li>' + '</li><li>'.join(contents) + '</li></ul></i></div>'
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
46 else:
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
47 form += '<div><i>No files in upload directory</i></div>'
d15f85eb2ab9 optionally display upload directory contents
Jeff Hammel <jhammel@mozilla.com>
parents: 15
diff changeset
48 form += '</body></html>'
13
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
49 return Response(content_type='text/html', body=form)
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
50
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
51 class Post(Handler):
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
52
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
53 @classmethod
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
54 def match(cls, app, request):
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
55 return request.method == 'POST'
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
56
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
57 def write(self, fin, path):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
58 fout = file(path, 'w')
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
59 fout.write(fin.file.read())
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
60 fout.close()
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
61
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
62 def __call__(self):
18
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
63
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
64 # get the file
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
65 fin = self.request.POST['file']
15
1ee374416987 handle more gracefully when no file is uploaded
Jeff Hammel <jhammel@mozilla.com>
parents: 14
diff changeset
66 try:
18
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
67 _path = fin.filename:
15
1ee374416987 handle more gracefully when no file is uploaded
Jeff Hammel <jhammel@mozilla.com>
parents: 14
diff changeset
68 except AttributeError: # no file uploaded
1ee374416987 handle more gracefully when no file is uploaded
Jeff Hammel <jhammel@mozilla.com>
parents: 14
diff changeset
69 return self.redirect(self.link('/'))
18
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
70
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
71 # don't allow bad filenames
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
72 illegal = ['..', '<', '&', '>']
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
73 illegal.append(os.path.sep)
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
74 for i in illegal:
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
75 _path = _path.replace(i, '_')
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
76
cc5f567ce840 make it safe
Jeff Hammel <jhammel@mozilla.com>
parents: 17
diff changeset
77 # write the file + redirect
14
916d45d4f921 dont just die on questionable filenames
Jeff Hammel <jhammel@mozilla.com>
parents: 13
diff changeset
78 _path = os.path.join(self.app.directory, _path)
11
egj@socialplanning.org
parents: 10
diff changeset
79 self.write(fin, _path)
13
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
80 return self.redirect(self.link('/?uploaded=' + fin.filename))
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
81
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
82 def path(directory, request):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
83 if os.sep == '/':
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
84 return os.path.join(directory, request.path_info.strip('/'))
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
85 return os.path.join(directory, *request.path_info.strip('/').split('/'))
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
86
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
87 class SubpathGet(Get):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
88
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
89 @classmethod
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
90 def match(cls, app, request):
9
619516d8c9ff fix typoe
egj@socialplanning.org
parents: 7
diff changeset
91 if not Get.match(app, request):
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
92 return False
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
93 _path = path(app.directory, request)
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
94 if os.path.exists(_path) and os.path.isdir(_path):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
95 return True
0
827f7577f940 initial commit of file upload widget
k0s <k0scist@gmail.com>
parents:
diff changeset
96
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
97 class SubpathPost(Post):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
98
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
99 @classmethod
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
100 def match(cls, app, request):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
101 if request.method != 'POST':
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
102 return False
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
103 _path = path(app.directory, request)
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
104 if os.path.exists(_path) and os.path.isdir(_path):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
105 return True
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
106
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
107 def __call__(self):
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
108 fin = self.request.POST['file']
10
egj@socialplanning.org
parents: 9
diff changeset
109 _path = path(self.app.directory, self.request)
egj@socialplanning.org
parents: 9
diff changeset
110 _path = os.path.join(_path, fin.filename)
egj@socialplanning.org
parents: 9
diff changeset
111 self.write(fin, _path)
13
b8c636b0b567 make work for non pastescript frameworks
Jeff Hammel <jhammel@mozilla.com>
parents: 11
diff changeset
112 return self.redirect(self.link(self.request.path_info))
2
0b5fce452087 include handling of subpaths
k0s <k0scist@gmail.com>
parents: 0
diff changeset
113