Mercurial > hg > uploader
comparison uploader/handlers.py @ 2:0b5fce452087
include handling of subpaths
author | k0s <k0scist@gmail.com> |
---|---|
date | Sun, 27 Dec 2009 15:37:51 -0500 |
parents | 827f7577f940 |
children | d2990750e5d6 |
comparison
equal
deleted
inserted
replaced
1:a02c4fcd7001 | 2:0b5fce452087 |
---|---|
22 def redirect(self, location): | 22 def redirect(self, location): |
23 raise exc.HTTPSeeOther(location=location) | 23 raise exc.HTTPSeeOther(location=location) |
24 | 24 |
25 class Get(Handler): | 25 class Get(Handler): |
26 | 26 |
27 form = """<html><body><form name="upload_form" method="post" enctype="multipart/form-data"> | |
28 <input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>""" | |
29 | |
27 @classmethod | 30 @classmethod |
28 def match(cls, request): | 31 def match(cls, app, request): |
29 return request.method == 'GET' | 32 return request.method == 'GET' |
30 | 33 |
31 def __call__(self): | 34 def __call__(self): |
32 retval = """<html><body><form name="upload_form" method="post" enctype="multipart/form-data"> | 35 return Response(content_type='text/html', body=self.form) |
33 <input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>""" | |
34 return Response(content_type='text/html', body=retval) | |
35 | 36 |
36 class Post(Handler): | 37 class Post(Handler): |
37 | 38 |
38 @classmethod | 39 @classmethod |
39 def match(cls, request): | 40 def match(cls, app, request): |
40 return request.method == 'POST' | 41 return request.method == 'POST' |
42 | |
43 def write(self, fin, path): | |
44 assert os.sep not in fin.filename | |
45 assert '..' not in fin.filename | |
46 fout = file(path, 'w') | |
47 fout.write(fin.file.read()) | |
48 fout.close() | |
41 | 49 |
42 def __call__(self): | 50 def __call__(self): |
43 fin = self.request.POST['file'] | 51 fin = self.request.POST['file'] |
44 assert os.sep not in fin.filename | 52 _path = os.path.join(self.app.directory, fin.filename) |
45 assert '..' not in fin.filename | 53 self.write(self, fin, _path) |
46 fout = file(os.path.join(self.app.directory, fin.filename), 'w') | |
47 fout.write(fin.file.read()) | |
48 fout.close() | |
49 self.redirect(self.link('/')) | 54 self.redirect(self.link('/')) |
55 | |
56 def path(directory, request): | |
57 if os.sep == '/': | |
58 return os.path.join(directory, request.path_info.strip('/')) | |
59 return os.path.join(directory, *request.path_info.strip('/').split('/')) | |
60 | |
61 class SubpathGet(Get): | |
62 | |
63 @classmethod | |
64 def match(cls, app, request): | |
65 if request.method != 'GET' or not app.query_string: | |
66 return False | |
67 if app.query_string not in request.GET: | |
68 return False | |
69 _path = path(app.directory, request) | |
70 if os.path.exists(_path) and os.path.isdir(_path): | |
71 return True | |
50 | 72 |
73 class SubpathPost(Post): | |
74 | |
75 @classmethod | |
76 def match(cls, app, request): | |
77 if request.method != 'POST': | |
78 return False | |
79 _path = path(app.directory, request) | |
80 if os.path.exists(_path) and os.path.isdir(_path): | |
81 return True | |
82 | |
83 def __call__(self): | |
84 fin = self.request.POST['file'] | |
85 _path = path(self.app.directory, request) | |
86 _path = os.path.join(path, fin.filename) | |
87 self.write(self, fin, _path) | |
88 self.redirect(self.link(request.path_info)) | |
89 |