X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/2093e5fc5be1b99b69dde50077134072d5de4de0..1ca6d764bb26082e103bfa81e586de5ee43eef02:/apps/fileupload/views.py?ds=inline diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py index 89cc480f..2d978727 100644 --- a/apps/fileupload/views.py +++ b/apps/fileupload/views.py @@ -38,12 +38,11 @@ class JSONResponse(HttpResponse): class UploadViewMixin(object): def get_safe_path(self, filename=""): """Finds absolute filesystem path of the browsed dir of file. - + Makes sure it's inside MEDIA_ROOT. - + """ path = os.path.abspath(os.path.join(settings.MEDIA_ROOT, self.get_directory(), filename)) - # WTF how would that be possible? if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)): raise Http404 if filename: @@ -137,7 +136,7 @@ class UploadView(UploadViewMixin, FormView): for chunk in f.chunks(): destination.write(chunk) data.append({ - 'name': f.name, + 'name': f.name, 'url': self.get_url(f.name), 'thumbnail_url': thumbnail(self.get_directory() + f.name), 'delete_url': "%s?file=%s" % ( @@ -157,6 +156,9 @@ class UploadView(UploadViewMixin, FormView): class PackageView(UploadViewMixin, RedirectView): + # usage of RedirectView here is really really ugly + permanent = False + def dispatch(self, request, *args, **kwargs): self.object = self.get_object(request, *args, **kwargs) path = self.get_safe_path()