X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/f94edd9a113edc20aec58e3c48533f16f3945c38..8a447be1859d9291fedfd50446ab0d8e980d23dd:/apps/fileupload/views.py diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py index fc4af0cd..2d978727 100644 --- a/apps/fileupload/views.py +++ b/apps/fileupload/views.py @@ -6,6 +6,7 @@ from urllib import quote from django.conf import settings from django.http import HttpResponse, Http404 from django.utils.decorators import method_decorator +from django.utils.encoding import force_unicode from django.views.decorators.vary import vary_on_headers from django.views.generic import FormView, RedirectView from .forms import UploadForm @@ -37,18 +38,17 @@ class JSONResponse(HttpResponse): class UploadViewMixin(object): def get_safe_path(self, filename=""): """Finds absolute filesystem path of the browsed dir of file. - + Makes sure it's inside MEDIA_ROOT. - + """ path = os.path.abspath(os.path.join(settings.MEDIA_ROOT, self.get_directory(), filename)) - # WTF how would that be possible? if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)): raise Http404 if filename: if not path.startswith(self.get_safe_path()): raise Http404 - return path + return force_unicode(path) class UploadView(UploadViewMixin, FormView): @@ -136,7 +136,7 @@ class UploadView(UploadViewMixin, FormView): for chunk in f.chunks(): destination.write(chunk) data.append({ - 'name': f.name, + 'name': f.name, 'url': self.get_url(f.name), 'thumbnail_url': thumbnail(self.get_directory() + f.name), 'delete_url': "%s?file=%s" % ( @@ -156,6 +156,9 @@ class UploadView(UploadViewMixin, FormView): class PackageView(UploadViewMixin, RedirectView): + # usage of RedirectView here is really really ugly + permanent = False + def dispatch(self, request, *args, **kwargs): self.object = self.get_object(request, *args, **kwargs) path = self.get_safe_path()