from django.utils.encoding import force_str
from django.utils.http import urlquote_plus
from django.views.decorators.http import require_POST
+from unidecode import unidecode
from catalogue import forms
from catalogue.forms import TagMultipleForm, TagSingleForm
def create_missing(request):
if request.method == "POST":
form = forms.DocumentCreateForm(request.POST, request.FILES)
- # tag_forms = [
- # (TagMultipleForm if category.multiple else TagSingleForm)(
- # category=category, data=request.POST, prefix=category.dc_tag)
- # for category in Category.objects.all()]
- if form.is_valid(): # and all(tag_form.is_valid() for tag_form in tag_forms):
+ tag_forms = [
+ (TagMultipleForm if category.multiple else TagSingleForm)(
+ category=category, data=request.POST, prefix=category.dc_tag)
+ for category in Category.objects.all()]
+ if form.is_valid() and all(tag_form.is_valid() for tag_form in tag_forms):
if request.user.is_authenticated():
creator = request.user
path = settings.MEDIA_ROOT + uppath
if not os.path.isdir(path):
os.makedirs(path)
- dest_path = path + cover.name # UNSAFE
+ cover.name = unidecode(cover.name)
+ dest_path = path + cover.name
+ if not os.path.abspath(dest_path).startswith(os.path.abspath(path)):
+ raise Http404
with open(dest_path, 'w') as destination:
for chunk in cover.chunks():
destination.write(chunk)
form = forms.DocumentCreateForm(initial={'owner_organization': org})
- # tag_forms = [
- # (TagMultipleForm if category.multiple else TagSingleForm)(category=category, prefix=category.dc_tag)
- # for category in Category.objects.all()]
+ tag_forms = [
+ (TagMultipleForm if category.multiple else TagSingleForm)(category=category, prefix=category.dc_tag)
+ for category in Category.objects.all()]
return render(request, "catalogue/document_create_missing.html", {
"form": form,
- # "tag_forms": tag_forms,
+ "tag_forms": tag_forms,
"logout_to": '/',
})