X-Git-Url: https://git.mdrn.pl/redakcja.git/blobdiff_plain/f94edd9a113edc20aec58e3c48533f16f3945c38..a63583dde22e6a021200fa5ee6ee980a2342c678:/apps/fileupload/views.py?ds=inline diff --git a/apps/fileupload/views.py b/apps/fileupload/views.py index fc4af0cd..cfaedc80 100644 --- a/apps/fileupload/views.py +++ b/apps/fileupload/views.py @@ -6,8 +6,11 @@ from urllib import quote from django.conf import settings from django.http import HttpResponse, Http404 from django.utils.decorators import method_decorator +from django.utils.encoding import force_unicode from django.views.decorators.vary import vary_on_headers from django.views.generic import FormView, RedirectView +from unidecode import unidecode + from .forms import UploadForm @@ -37,18 +40,17 @@ class JSONResponse(HttpResponse): class UploadViewMixin(object): def get_safe_path(self, filename=""): """Finds absolute filesystem path of the browsed dir of file. - + Makes sure it's inside MEDIA_ROOT. - + """ path = os.path.abspath(os.path.join(settings.MEDIA_ROOT, self.get_directory(), filename)) - # WTF how would that be possible? if not path.startswith(os.path.abspath(settings.MEDIA_ROOT)): raise Http404 if filename: if not path.startswith(self.get_safe_path()): raise Http404 - return path + return force_unicode(path) class UploadView(UploadViewMixin, FormView): @@ -132,11 +134,12 @@ class UploadView(UploadViewMixin, FormView): os.makedirs(path) data = [] for f in flist: + f.name = unidecode(f.name) with open(self.get_safe_path(f.name), 'w') as destination: for chunk in f.chunks(): destination.write(chunk) data.append({ - 'name': f.name, + 'name': f.name, 'url': self.get_url(f.name), 'thumbnail_url': thumbnail(self.get_directory() + f.name), 'delete_url': "%s?file=%s" % ( @@ -156,6 +159,9 @@ class UploadView(UploadViewMixin, FormView): class PackageView(UploadViewMixin, RedirectView): + # usage of RedirectView here is really really ugly + permanent = False + def dispatch(self, request, *args, **kwargs): self.object = self.get_object(request, *args, **kwargs) path = self.get_safe_path()