2011-03-28 02:11:19 +00:00
|
|
|
import hashlib
|
2008-07-01 15:10:51 +00:00
|
|
|
import os
|
2011-10-13 18:51:33 +00:00
|
|
|
|
2008-07-01 15:10:51 +00:00
|
|
|
from django.core.files.uploadedfile import UploadedFile
|
2020-02-19 18:53:48 +00:00
|
|
|
from django.core.files.uploadhandler import TemporaryFileUploadHandler
|
2017-02-07 18:23:57 +00:00
|
|
|
from django.http import HttpResponse, HttpResponseServerError, JsonResponse
|
2011-10-13 18:51:33 +00:00
|
|
|
|
2012-10-30 21:20:42 +00:00
|
|
|
from .models import FileModel
|
2022-12-30 11:47:59 +00:00
|
|
|
from .tests import UNICODE_FILENAME, UPLOAD_FOLDER
|
2020-09-28 08:09:29 +00:00
|
|
|
from .uploadhandler import (
|
|
|
|
ErroringUploadHandler,
|
|
|
|
QuotaUploadHandler,
|
|
|
|
StopUploadTemporaryFileHandler,
|
2021-03-16 09:19:00 +00:00
|
|
|
TraversalUploadHandler,
|
2020-09-28 08:09:29 +00:00
|
|
|
)
|
2011-10-13 18:51:33 +00:00
|
|
|
|
2008-07-01 15:10:51 +00:00
|
|
|
|
|
|
|
def file_upload_view(request):
|
|
|
|
"""
|
2016-10-27 07:53:39 +00:00
|
|
|
A file upload can be updated into the POST dictionary.
|
2008-07-01 15:10:51 +00:00
|
|
|
"""
|
|
|
|
form_data = request.POST.copy()
|
|
|
|
form_data.update(request.FILES)
|
2016-12-29 15:27:49 +00:00
|
|
|
if isinstance(form_data.get("file_field"), UploadedFile) and isinstance(
|
|
|
|
form_data["name"], str
|
|
|
|
):
|
2008-07-01 15:10:51 +00:00
|
|
|
# If a file is posted, the dummy client should only post the file name,
|
|
|
|
# not the full path.
|
2008-07-07 23:16:00 +00:00
|
|
|
if os.path.dirname(form_data["file_field"].name) != "":
|
2010-03-02 21:58:49 +00:00
|
|
|
return HttpResponseServerError()
|
2019-02-09 21:27:32 +00:00
|
|
|
return HttpResponse()
|
2008-07-01 15:10:51 +00:00
|
|
|
else:
|
|
|
|
return HttpResponseServerError()
|
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2008-07-01 15:10:51 +00:00
|
|
|
def file_upload_view_verify(request):
|
|
|
|
"""
|
|
|
|
Use the sha digest hash to verify the uploaded contents.
|
|
|
|
"""
|
|
|
|
form_data = request.POST.copy()
|
|
|
|
form_data.update(request.FILES)
|
|
|
|
|
|
|
|
for key, value in form_data.items():
|
|
|
|
if key.endswith("_hash"):
|
|
|
|
continue
|
|
|
|
if key + "_hash" not in form_data:
|
|
|
|
continue
|
|
|
|
submitted_hash = form_data[key + "_hash"]
|
|
|
|
if isinstance(value, UploadedFile):
|
2011-03-28 02:11:19 +00:00
|
|
|
new_hash = hashlib.sha1(value.read()).hexdigest()
|
2008-07-01 15:10:51 +00:00
|
|
|
else:
|
2018-02-07 19:20:04 +00:00
|
|
|
new_hash = hashlib.sha1(value.encode()).hexdigest()
|
2008-07-01 15:10:51 +00:00
|
|
|
if new_hash != submitted_hash:
|
|
|
|
return HttpResponseServerError()
|
|
|
|
|
2008-08-23 17:56:02 +00:00
|
|
|
# Adding large file to the database should succeed
|
|
|
|
largefile = request.FILES["file_field2"]
|
|
|
|
obj = FileModel()
|
|
|
|
obj.testfile.save(largefile.name, largefile)
|
|
|
|
|
2019-02-09 21:27:32 +00:00
|
|
|
return HttpResponse()
|
2008-07-01 15:10:51 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2009-04-04 17:34:58 +00:00
|
|
|
def file_upload_unicode_name(request):
|
2020-04-18 14:46:05 +00:00
|
|
|
# Check to see if Unicode name came through properly.
|
2009-04-04 17:34:58 +00:00
|
|
|
if not request.FILES["file_unicode"].name.endswith(UNICODE_FILENAME):
|
|
|
|
return HttpResponseServerError()
|
|
|
|
# Check to make sure the exotic characters are preserved even
|
|
|
|
# through file save.
|
|
|
|
uni_named_file = request.FILES["file_unicode"]
|
2022-12-30 11:47:59 +00:00
|
|
|
file_model = FileModel.objects.create(testfile=uni_named_file)
|
|
|
|
full_name = f"{UPLOAD_FOLDER}/{uni_named_file.name}"
|
|
|
|
return (
|
|
|
|
HttpResponse()
|
|
|
|
if file_model.testfile.storage.exists(full_name)
|
|
|
|
else HttpResponseServerError()
|
|
|
|
)
|
2009-04-04 17:34:58 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2008-07-01 15:10:51 +00:00
|
|
|
def file_upload_echo(request):
|
|
|
|
"""
|
|
|
|
Simple view to echo back info about uploaded files for tests.
|
|
|
|
"""
|
2014-12-06 21:00:09 +00:00
|
|
|
r = {k: f.name for k, f in request.FILES.items()}
|
2017-02-07 18:23:57 +00:00
|
|
|
return JsonResponse(r)
|
2010-03-02 21:58:49 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2011-05-07 16:59:16 +00:00
|
|
|
def file_upload_echo_content(request):
|
|
|
|
"""
|
|
|
|
Simple view to echo back the content of uploaded files for tests.
|
|
|
|
"""
|
2022-02-03 19:24:19 +00:00
|
|
|
|
2015-07-01 21:37:10 +00:00
|
|
|
def read_and_close(f):
|
2017-01-19 13:50:28 +00:00
|
|
|
with f:
|
2017-02-07 17:05:47 +00:00
|
|
|
return f.read().decode()
|
2022-02-03 19:24:19 +00:00
|
|
|
|
2015-07-01 21:37:10 +00:00
|
|
|
r = {k: read_and_close(f) for k, f in request.FILES.items()}
|
2017-02-07 18:23:57 +00:00
|
|
|
return JsonResponse(r)
|
2011-05-07 16:59:16 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2008-07-01 15:10:51 +00:00
|
|
|
def file_upload_quota(request):
|
|
|
|
"""
|
|
|
|
Dynamically add in an upload handler.
|
|
|
|
"""
|
|
|
|
request.upload_handlers.insert(0, QuotaUploadHandler())
|
|
|
|
return file_upload_echo(request)
|
2010-03-02 21:58:49 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2008-07-01 15:10:51 +00:00
|
|
|
def file_upload_quota_broken(request):
|
|
|
|
"""
|
|
|
|
You can't change handlers after reading FILES; this view shouldn't work.
|
|
|
|
"""
|
|
|
|
response = file_upload_echo(request)
|
|
|
|
request.upload_handlers.insert(0, QuotaUploadHandler())
|
2008-07-07 22:06:32 +00:00
|
|
|
return response
|
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2020-09-28 08:09:29 +00:00
|
|
|
def file_stop_upload_temporary_file(request):
|
|
|
|
request.upload_handlers.insert(0, StopUploadTemporaryFileHandler())
|
|
|
|
request.upload_handlers.pop(2)
|
|
|
|
request.FILES # Trigger file parsing.
|
|
|
|
return JsonResponse(
|
|
|
|
{"temp_path": request.upload_handlers[0].file.temporary_file_path()},
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2020-02-19 18:53:48 +00:00
|
|
|
def file_upload_interrupted_temporary_file(request):
|
|
|
|
request.upload_handlers.insert(0, TemporaryFileUploadHandler())
|
|
|
|
request.upload_handlers.pop(2)
|
|
|
|
request.FILES # Trigger file parsing.
|
|
|
|
return JsonResponse(
|
|
|
|
{"temp_path": request.upload_handlers[0].file.temporary_file_path()},
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2008-07-07 22:06:32 +00:00
|
|
|
def file_upload_getlist_count(request):
|
|
|
|
"""
|
|
|
|
Check the .getlist() function to ensure we receive the correct number of files.
|
|
|
|
"""
|
|
|
|
file_counts = {}
|
|
|
|
|
2017-05-27 23:08:46 +00:00
|
|
|
for key in request.FILES:
|
2008-07-07 22:06:32 +00:00
|
|
|
file_counts[key] = len(request.FILES.getlist(key))
|
2017-02-07 18:23:57 +00:00
|
|
|
return JsonResponse(file_counts)
|
2008-08-30 19:56:14 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2008-08-30 19:56:14 +00:00
|
|
|
def file_upload_errors(request):
|
|
|
|
request.upload_handlers.insert(0, ErroringUploadHandler())
|
|
|
|
return file_upload_echo(request)
|
2011-05-22 23:56:42 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2011-05-22 23:56:42 +00:00
|
|
|
def file_upload_filename_case_view(request):
|
|
|
|
"""
|
|
|
|
Check adding the file to the database will preserve the filename case.
|
|
|
|
"""
|
|
|
|
file = request.FILES["file_field"]
|
|
|
|
obj = FileModel()
|
|
|
|
obj.testfile.save(file.name, file)
|
|
|
|
return HttpResponse("%d" % obj.pk)
|
2013-04-19 17:20:23 +00:00
|
|
|
|
2013-11-03 04:36:09 +00:00
|
|
|
|
2013-04-19 17:20:23 +00:00
|
|
|
def file_upload_content_type_extra(request):
|
|
|
|
"""
|
|
|
|
Simple view to echo back extra content-type parameters.
|
|
|
|
"""
|
|
|
|
params = {}
|
|
|
|
for file_name, uploadedfile in request.FILES.items():
|
2018-02-07 19:20:04 +00:00
|
|
|
params[file_name] = {
|
|
|
|
k: v.decode() for k, v in uploadedfile.content_type_extra.items()
|
|
|
|
}
|
2017-02-07 18:23:57 +00:00
|
|
|
return JsonResponse(params)
|
2014-05-25 20:52:47 +00:00
|
|
|
|
|
|
|
|
|
|
|
def file_upload_fd_closing(request, access):
|
|
|
|
if access == "t":
|
|
|
|
request.FILES # Trigger file parsing.
|
2019-02-09 21:27:32 +00:00
|
|
|
return HttpResponse()
|
2021-03-16 09:19:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
def file_upload_traversal_view(request):
|
|
|
|
request.upload_handlers.insert(0, TraversalUploadHandler())
|
|
|
|
request.FILES # Trigger file parsing.
|
|
|
|
return JsonResponse(
|
|
|
|
{"file_name": request.upload_handlers[0].file_name},
|
|
|
|
)
|