Mercurial > hg > agora-ahsan
comparison apps/snippet/forms.py @ 135:f299232c82e8
Perform basic validation on snippet file uploads
To prevent users from uploading binary files. This is not a complete fix.
| author | dellsystem <ilostwaldo@gmail.com> |
|---|---|
| date | Sat, 22 Sep 2012 12:39:37 -0400 (2012-09-22) |
| parents | ba51d3b7740b |
| children | c7be7def8b57 |
comparison
equal
deleted
inserted
replaced
| 134:3a850f49eea6 | 135:f299232c82e8 |
|---|---|
| 59 file_data = cleaned_data.get('file') | 59 file_data = cleaned_data.get('file') |
| 60 content = cleaned_data.get('content') | 60 content = cleaned_data.get('content') |
| 61 | 61 |
| 62 if file_data: | 62 if file_data: |
| 63 file_data.open() | 63 file_data.open() |
| 64 cleaned_data['content'] = file_data.read() | 64 content_type = file_data.content_type |
| 65 | |
| 66 # Do some very basic checking of types. NOT SECURE. | |
| 67 if (content_type.startswith('text/') or | |
| 68 content_type.startswith('application')): | |
| 69 cleaned_data['content'] = file_data.read() | |
| 70 else: | |
| 71 raise forms.ValidationError(_("Please ensure that you upload \ | |
| 72 a text file.")) | |
| 65 elif not content: | 73 elif not content: |
| 66 # No snippet data specified | 74 # No snippet data specified |
| 67 raise forms.ValidationError(_("Please specify some content for \ | 75 raise forms.ValidationError(_("Please specify some content for \ |
| 68 the snippet, either in the content field or by uploading \ | 76 the snippet, either in the content field or by uploading \ |
| 69 a file.")) | 77 a file.")) |