Mercurial > hg > uploader
diff uploader/handlers.py @ 2:0b5fce452087
include handling of subpaths
author | k0s <k0scist@gmail.com> |
---|---|
date | Sun, 27 Dec 2009 15:37:51 -0500 |
parents | 827f7577f940 |
children | d2990750e5d6 |
line wrap: on
line diff
--- a/uploader/handlers.py Sun Dec 27 13:29:27 2009 -0500 +++ b/uploader/handlers.py Sun Dec 27 15:37:51 2009 -0500 @@ -24,27 +24,66 @@ class Get(Handler): + form = """<html><body><form name="upload_form" method="post" enctype="multipart/form-data"> +<input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>""" + @classmethod - def match(cls, request): + def match(cls, app, request): return request.method == 'GET' def __call__(self): - retval = """<html><body><form name="upload_form" method="post" enctype="multipart/form-data"> -<input type="file" name="file"/><input type="submit" value="upload"/></form></body></html>""" - return Response(content_type='text/html', body=retval) + return Response(content_type='text/html', body=self.form) class Post(Handler): @classmethod - def match(cls, request): + def match(cls, app, request): return request.method == 'POST' + def write(self, fin, path): + assert os.sep not in fin.filename + assert '..' not in fin.filename + fout = file(path, 'w') + fout.write(fin.file.read()) + fout.close() + def __call__(self): fin = self.request.POST['file'] - assert os.sep not in fin.filename - assert '..' not in fin.filename - fout = file(os.path.join(self.app.directory, fin.filename), 'w') - fout.write(fin.file.read()) - fout.close() + _path = os.path.join(self.app.directory, fin.filename) + self.write(self, fin, _path) self.redirect(self.link('/')) + +def path(directory, request): + if os.sep == '/': + return os.path.join(directory, request.path_info.strip('/')) + return os.path.join(directory, *request.path_info.strip('/').split('/')) + +class SubpathGet(Get): + + @classmethod + def match(cls, app, request): + if request.method != 'GET' or not app.query_string: + return False + if app.query_string not in request.GET: + return False + _path = path(app.directory, request) + if os.path.exists(_path) and os.path.isdir(_path): + return True +class SubpathPost(Post): + + @classmethod + def match(cls, app, request): + if request.method != 'POST': + return False + _path = path(app.directory, request) + if os.path.exists(_path) and os.path.isdir(_path): + return True + + def __call__(self): + fin = self.request.POST['file'] + _path = path(self.app.directory, request) + _path = os.path.join(path, fin.filename) + self.write(self, fin, _path) + self.redirect(self.link(request.path_info)) +