def getFileUploadMaximumSize(request): """ Return a nicely rendered string of the maximum file size for uploads as defined in the ini configuration of the application. """ maxSize = upload_max_file_size(request) if maxSize < (1024*1024): maxSize = '%s KB' % (maxSize / 1024) else: maxSize = '%s MB' % round(maxSize / (1024*1024.0), 1) return maxSize
def handle_upload(request, filedict): """ Handle the upload of a new file. http://code.google.com/p/file-uploader/ """ TEMP_FOLDER_NAME = "temp" ret = {"success": False, "msg": ""} filename = None filetype = None file = None try: filename = filedict["filename"] file = filedict["fp"] filetype = filedict["mimetype"] except: ret["msg"] = _("Not all necessary values were provided.") valid = False if filename is None or file is None or filetype is None: ret["msg"] = "Uploaded file not found." # Check upload directory upload_path = upload_directory_path(request) if upload_path is None or not os.path.exists(upload_path): ret["msg"] = _("Upload directory not specified or not found.") return ret # Check filetype fileextension = get_valid_file_extension(request, filetype) if fileextension is None: ret["msg"] = _("File type is not valid.") return ret # Check filesize size = get_file_size(file) if size > upload_max_file_size(request): ret["msg"] = _("File is too big.") return ret # Do the actual file processing # Strip leading path from file name to avoid directory traversal # attacks old_filename = os.path.basename(filename) # Internet Explorer will attempt to provide full path for filename # fix old_filename = old_filename.split("\\")[-1] # Remove the extension and check the filename clean_filename = ".".join(old_filename.split(".")[:-1]) clean_filename = _clean_filename(clean_filename) # Make sure the filename is not too long if len(clean_filename) > 500: clean_filename = clean_filename[:500] # Append the predefined file extension clean_filename = "%s%s" % (clean_filename, fileextension) # Use a randomly generated UUID as filename file_identifier = uuid.uuid4() new_filename = "%s%s" % (file_identifier, fileextension) # Check if the directories already exist. If not, create them. if not os.path.exists(os.path.join(upload_path, TEMP_FOLDER_NAME)): os.makedirs(os.path.join(upload_path, TEMP_FOLDER_NAME)) new_filepath = os.path.join(upload_path, TEMP_FOLDER_NAME, new_filename) # Open the new file for writing f = open(new_filepath, "wb", 10000) datalength = 0 # Read the file in chunks for chunk in _file_buffer(file): f.write(chunk) datalength += len(chunk) f.close() # Open the file again to get the hash hash = get_file_hash(new_filepath) # Database values db_file = File(identifier=file_identifier, name=clean_filename, mime=filetype, size=datalength, hash=hash) Session.add(db_file) log.debug("The uploaded file (%s) was saved as %s at %s" % (clean_filename, new_filename, new_filepath)) ret["filename"] = clean_filename ret["fileidentifier"] = str(file_identifier) ret["msg"] = _("File was successfully uploaded") ret["success"] = True localizer = get_localizer(request) ret["msg"] = localizer.translate(ret["msg"]) return ret