Fixed attachments
This commit is contained in:
parent
d7d9933735
commit
c43f8c1d92
@ -106,9 +106,8 @@ def edit_attachments(request, media):
|
|||||||
form = forms.EditAttachmentsForm()
|
form = forms.EditAttachmentsForm()
|
||||||
|
|
||||||
# Add any attachements
|
# Add any attachements
|
||||||
if ('attachment_file' in request.form
|
if 'attachment_file' in request.files \
|
||||||
and isinstance(request.form['attachment_file'], FieldStorage)
|
and request.files['attachment_file']:
|
||||||
and request.form['attachment_file'].file):
|
|
||||||
|
|
||||||
# Security measure to prevent attachments from being served as
|
# Security measure to prevent attachments from being served as
|
||||||
# text/html, which will be parsed by web clients and pose an XSS
|
# text/html, which will be parsed by web clients and pose an XSS
|
||||||
@ -121,13 +120,13 @@ def edit_attachments(request, media):
|
|||||||
# machine parsing the upload form, and not necessarily the machine
|
# machine parsing the upload form, and not necessarily the machine
|
||||||
# serving the attachments.
|
# serving the attachments.
|
||||||
if mimetypes.guess_type(
|
if mimetypes.guess_type(
|
||||||
request.form['attachment_file'].filename)[0] in \
|
request.files['attachment_file'].filename)[0] in \
|
||||||
UNSAFE_MIMETYPES:
|
UNSAFE_MIMETYPES:
|
||||||
public_filename = secure_filename('{0}.notsafe'.format(
|
public_filename = secure_filename('{0}.notsafe'.format(
|
||||||
request.form['attachment_file'].filename))
|
request.files['attachment_file'].filename))
|
||||||
else:
|
else:
|
||||||
public_filename = secure_filename(
|
public_filename = secure_filename(
|
||||||
request.form['attachment_file'].filename)
|
request.files['attachment_file'].filename)
|
||||||
|
|
||||||
attachment_public_filepath \
|
attachment_public_filepath \
|
||||||
= mg_globals.public_store.get_unique_filepath(
|
= mg_globals.public_store.get_unique_filepath(
|
||||||
@ -139,13 +138,13 @@ def edit_attachments(request, media):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
attachment_public_file.write(
|
attachment_public_file.write(
|
||||||
request.form['attachment_file'].file.read())
|
request.files['attachment_file'].stream.read())
|
||||||
finally:
|
finally:
|
||||||
request.form['attachment_file'].file.close()
|
request.files['attachment_file'].stream.close()
|
||||||
|
|
||||||
media.attachment_files.append(dict(
|
media.attachment_files.append(dict(
|
||||||
name=request.form['attachment_name'] \
|
name=request.form['attachment_name'] \
|
||||||
or request.form['attachment_file'].filename,
|
or request.files['attachment_file'].filename,
|
||||||
filepath=attachment_public_filepath,
|
filepath=attachment_public_filepath,
|
||||||
created=datetime.utcnow(),
|
created=datetime.utcnow(),
|
||||||
))
|
))
|
||||||
@ -156,7 +155,7 @@ def edit_attachments(request, media):
|
|||||||
request, messages.SUCCESS,
|
request, messages.SUCCESS,
|
||||||
"You added the attachment %s!" \
|
"You added the attachment %s!" \
|
||||||
% (request.form['attachment_name']
|
% (request.form['attachment_name']
|
||||||
or request.form['attachment_file'].filename))
|
or request.files['attachment_file'].filename))
|
||||||
|
|
||||||
return exc.HTTPFound(
|
return exc.HTTPFound(
|
||||||
location=media.url_for_self(request.urlgen))
|
location=media.url_for_self(request.urlgen))
|
||||||
|
@ -104,10 +104,13 @@ class CloudFilesStorage(StorageInterface):
|
|||||||
mimetype = mimetypes.guess_type(
|
mimetype = mimetypes.guess_type(
|
||||||
filepath[-1])
|
filepath[-1])
|
||||||
|
|
||||||
if mimetype:
|
if mimetype[0]:
|
||||||
# Set the mimetype on the CloudFiles object
|
# Set the mimetype on the CloudFiles object
|
||||||
obj.content_type = mimetype[0]
|
obj.content_type = mimetype[0]
|
||||||
obj.metadata = {'mime-type': mimetype[0]}
|
obj.metadata = {'mime-type': mimetype[0]}
|
||||||
|
else:
|
||||||
|
obj.content_type = 'application/octet-stream'
|
||||||
|
obj.metadata = {'mime-type': 'application/octet-stream'}
|
||||||
|
|
||||||
return CloudFilesStorageObjectWrapper(obj, *args, **kwargs)
|
return CloudFilesStorageObjectWrapper(obj, *args, **kwargs)
|
||||||
|
|
||||||
|
@ -78,4 +78,4 @@ add_route('mediagoblin.edit.edit_media',
|
|||||||
|
|
||||||
add_route('mediagoblin.edit.attachments',
|
add_route('mediagoblin.edit.attachments',
|
||||||
'/u/<string:user>/m/<string:media>/attachments/',
|
'/u/<string:user>/m/<string:media>/attachments/',
|
||||||
'mediagoblin.user_pages.views:edit_attachments')
|
'mediagoblin.edit.views:edit_attachments')
|
||||||
|
Loading…
x
Reference in New Issue
Block a user