Mercurial > hg > uploader
comparison uploader/handlers.py @ 2:0b5fce452087
include handling of subpaths
| author | k0s <k0scist@gmail.com> |
|---|---|
| date | Sun, 27 Dec 2009 15:37:51 -0500 |
| parents | 827f7577f940 |
| children | d2990750e5d6 |
comparison
equal
deleted
inserted
replaced
| 1:a02c4fcd7001 | 2:0b5fce452087 |
|---|---|
| 22 def redirect(self, location): | 22 def redirect(self, location): |
| 23 raise exc.HTTPSeeOther(location=location) | 23 raise exc.HTTPSeeOther(location=location) |
| 24 | 24 |
| 25 class Get(Handler): | 25 class Get(Handler): |
| 26 | 26 |
| 27 form = """<html><body><form name="upload_form" method="post" enctype="multipart/form-data"> | |
| 28 <input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>""" | |
| 29 | |
| 27 @classmethod | 30 @classmethod |
| 28 def match(cls, request): | 31 def match(cls, app, request): |
| 29 return request.method == 'GET' | 32 return request.method == 'GET' |
| 30 | 33 |
| 31 def __call__(self): | 34 def __call__(self): |
| 32 retval = """<html><body><form name="upload_form" method="post" enctype="multipart/form-data"> | 35 return Response(content_type='text/html', body=self.form) |
| 33 <input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>""" | |
| 34 return Response(content_type='text/html', body=retval) | |
| 35 | 36 |
| 36 class Post(Handler): | 37 class Post(Handler): |
| 37 | 38 |
| 38 @classmethod | 39 @classmethod |
| 39 def match(cls, request): | 40 def match(cls, app, request): |
| 40 return request.method == 'POST' | 41 return request.method == 'POST' |
| 42 | |
| 43 def write(self, fin, path): | |
| 44 assert os.sep not in fin.filename | |
| 45 assert '..' not in fin.filename | |
| 46 fout = file(path, 'w') | |
| 47 fout.write(fin.file.read()) | |
| 48 fout.close() | |
| 41 | 49 |
| 42 def __call__(self): | 50 def __call__(self): |
| 43 fin = self.request.POST['file'] | 51 fin = self.request.POST['file'] |
| 44 assert os.sep not in fin.filename | 52 _path = os.path.join(self.app.directory, fin.filename) |
| 45 assert '..' not in fin.filename | 53 self.write(self, fin, _path) |
| 46 fout = file(os.path.join(self.app.directory, fin.filename), 'w') | |
| 47 fout.write(fin.file.read()) | |
| 48 fout.close() | |
| 49 self.redirect(self.link('/')) | 54 self.redirect(self.link('/')) |
| 55 | |
| 56 def path(directory, request): | |
| 57 if os.sep == '/': | |
| 58 return os.path.join(directory, request.path_info.strip('/')) | |
| 59 return os.path.join(directory, *request.path_info.strip('/').split('/')) | |
| 60 | |
| 61 class SubpathGet(Get): | |
| 62 | |
| 63 @classmethod | |
| 64 def match(cls, app, request): | |
| 65 if request.method != 'GET' or not app.query_string: | |
| 66 return False | |
| 67 if app.query_string not in request.GET: | |
| 68 return False | |
| 69 _path = path(app.directory, request) | |
| 70 if os.path.exists(_path) and os.path.isdir(_path): | |
| 71 return True | |
| 50 | 72 |
| 73 class SubpathPost(Post): | |
| 74 | |
| 75 @classmethod | |
| 76 def match(cls, app, request): | |
| 77 if request.method != 'POST': | |
| 78 return False | |
| 79 _path = path(app.directory, request) | |
| 80 if os.path.exists(_path) and os.path.isdir(_path): | |
| 81 return True | |
| 82 | |
| 83 def __call__(self): | |
| 84 fin = self.request.POST['file'] | |
| 85 _path = path(self.app.directory, request) | |
| 86 _path = os.path.join(path, fin.filename) | |
| 87 self.write(self, fin, _path) | |
| 88 self.redirect(self.link(request.path_info)) | |
| 89 |