+# -*- coding: utf-8 -*-
+#
+# This file is part of MIL/PEER, licensed under GNU Affero GPLv3 or later.
+# Copyright © Fundacja Nowoczesna Polska. See NOTICE for more information.
+#
import json
import os
from urllib import quote
from django.conf import settings
-from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden, Http404
+from django.http import HttpResponse, Http404
from django.utils.decorators import method_decorator
from django.views.decorators.vary import vary_on_headers
-from django.views.generic import FormView, View
+from django.views.generic import FormView
from .forms import UploadForm
super(JSONResponse, self).__init__(content, mimetype, *args, **kwargs)
-class UploadView(FormView):
+class UploadViewMixin(object):
+ def get_safe_path(self, filename=""):
+ """Finds absolute filesystem path of the browsed dir of file.
+
+ Makes sure it's inside MEDIA_ROOT.
+
+ """
+ path = os.path.abspath(os.path.join(
+ settings.MEDIA_ROOT,
+ self.get_directory(),
+ filename))
+ if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)):
+ raise Http404
+ if filename:
+ if not path.startswith(self.get_safe_path()):
+ raise Http404
+ return path
+
+
+class UploadView(UploadViewMixin, FormView):
template_name = "fileupload/picture_form.html"
form_class = UploadForm
directory = os.path.dirname(directory)
now_path = (os.path.dirname(now_path))
while directory:
- crumbs.insert(0, (os.path.basename(directory), now_path+'/'))
+ crumbs.insert(0, (os.path.basename(directory), now_path + '/'))
directory = os.path.dirname(directory)
now_path = os.path.dirname(now_path)
crumbs.insert(0, ('media', now_path))
crumbs = [('media',)]
return crumbs
- def get_safe_path(self, filename=""):
- """Finds absolute filesystem path of the browsed dir of file.
-
- Makes sure it's inside MEDIA_ROOT.
-
- """
- path = os.path.abspath(os.path.join(
- settings.MEDIA_ROOT,
- self.get_directory(),
- filename))
- if not path.startswith(settings.MEDIA_ROOT):
- raise Http404
- if filename:
- if not path.startswith(self.get_safe_path()):
- raise Http404
- return path
-
def get_url(self, filename):
"""Finds URL of a file in browsed dir."""
return settings.MEDIA_URL + self.get_directory() + quote(filename.encode('utf-8'))
quote(f.encode('utf-8'))),
'delete_type': "DELETE"
})
- thumbnail_url = thumbnail(self.get_directory() + f),
files.append(file_info)
return JSONResponse(files)
else:
'name': f.name,
'url': self.get_url(f.name),
'thumbnail_url': thumbnail(self.get_directory() + f.name),
- 'delete_url': "%s?file=%s" % (
- self.request.get_full_path(),
- quote(f.name.encode('utf-8'))),
+ 'delete_url': "%s?file=%s" % (
+ self.request.get_full_path(),
+ quote(f.name.encode('utf-8'))),
'delete_type': "DELETE"
})
response = JSONResponse(data)