def process_file(self, file_id, model_version): """ Codes the input file to different SOC categories """ # get configuration config = self.config['soccer'] input_dir = config['input_dir'] output_dir = config['output_dir'] model_filepath = config['model_file'] # specify input/output filepaths input_filepath = safe_join(input_dir, file_id) output_path = safe_join(output_dir, file_id) output_filepath = output_path + '.csv' plot_filepath = output_path + '.png' # save parameters as json file with open(output_path + '.json', 'w') as f: json.dump({ 'file_id': file_id, 'model_version': model_version }, f) # results are written to output_filepath code_file( input_filepath=input_filepath, output_filepath=output_filepath, model_version=model_version, model_filepath=model_filepath ) plot_results( results_filepath=output_filepath, plot_filepath=plot_filepath )
def up_file(filename, fname, foldername): path = safe_join(os.path.join(app.config['uploads'], foldername)) if path is None: abort(404) files = os.listdir(path) if not files: abort(404) path = safe_join(os.path.join(path, fname)) return send_from_directory(path, filename)
def unique_filename(self, save_directory=config.UPLOAD_DIR) -> str: unique_name = '{}{}'.format(self.original_filename, self.extension) filepath = safe_join(save_directory, unique_name) c = itertools.count() while os.path.exists(filepath): unique_name = '{}_{}{}'.format(self.original_filename, next(c), self.extension) filepath = safe_join(save_directory, unique_name) return unique_name
def test_safe_join_os_sep(): import werkzeug.security as sec prev_value = sec._os_alt_seps sec._os_alt_seps = "*" assert safe_join("foo", "bar/baz*") is None sec._os_alt_steps = prev_value
def save(self, save_directory=config.UPLOAD_DIR) -> None: """Saves the file to `UPLOAD_DIR`.""" if os.path.isdir(save_directory) is False: os.makedirs(save_directory) save_path = safe_join(save_directory, self.get_filename()) self.__file.save(save_path)
def download(filename): path = safe_join(current_app.config['VIDEO_FOLDER'], filename) print(path) if not os.path.isfile(path): # zip the folder zip_in_memory = BytesIO() with zipfile.ZipFile( zip_in_memory, 'w', compression=zipfile.ZIP_DEFLATED, ) as zf: for dirpath, dirs, files in walk(path): for f in files: fn = os.path.join(dirpath, f) zf.write(fn, os.path.relpath(fn, path)) zip_in_memory.seek(0) zipname = os.path.basename(path) + '.zip' return send_file(zip_in_memory, attachment_filename=zipname, as_attachment=True) else: return send_file(path, attachment_filename=os.path.basename(path), as_attachment=True)
def get_path_or_file(self, path): """Return a path/file for a static file (e.g. an image). Renderers can either return a filename, or an opened file-like object. (A filename will likely be better for performance.) """ return safe_join(self.path, path)
def load_post(filename: str, meta_only: bool = False) -> Optional[Dict[str, Any]]: # parse the filename (yyyy-MM-dd-post-title.md) try: year, month, day, name = os.path.splitext(filename)[0].split( "-", maxsplit=3) year, month, day = int(year), int(month), int(day) except ValueError: return None # load post entry fullpath = safe_join(posts_folder, filename) if fullpath is None: return None post = load_entry(fullpath, meta_only=meta_only) if post is None: # note that post may be {} return None # add some fields post["filename"] = filename post["url"] = url_for( ".post", year=f"{year:0>4d}", month=f"{month:0>2d}", day=f"{day:0>2d}", name=name, ) # ensure *title* field if "title" not in post: post["title"] = " ".join(name.split("-")) # ensure *created* field if "created" not in post: post["created"] = datetime(year=year, month=month, day=day) return post
def upload_file(): """ Endpoint called after submitting a file to upload it creates a path and filename and saves it to the folder defined in app.config['UPLOAD_FOLDER'] in the init file. Then shows a message and redirects to /upload. :return: A file is uploaded to the 'uploads' folder """ dupl_counter = 0 # Variable to store count of files with the same name and append it to new uploaded file. if request.method == 'POST': f = request.files['file'] from Riki import app if platform.system() == 'Windows': path_and_filename = os.path.join(app.config['UPLOAD_FOLDER'], f.filename) else: path_and_filename = safe_join(app.config['UPLOAD_FOLDER'], secure_filename(f.filename)) original_name = path_and_filename while os.path.exists(path_and_filename): dupl_counter += 1 txt_append = " (" + str(dupl_counter) + ")" path_and_filename = original_name + txt_append dupl_counter = 0 f.save(path_and_filename) flash('File successfully uploaded') return redirect('/upload')
def upload_image(): def allowed_file(filename): return '.' in filename and \ filename.rsplit('.', 1)[1].lower() in ['jpg', 'png'] file = request.files['upload'] error = '' if not file: return jsonify(uploaded=0, error={'message': 'Please select a file.'}) elif not allowed_file(file.filename): return jsonify(uploaded=0, error={'message': 'File extension not allowed.'}) else: filename = file.filename extension = '.' + filename.rsplit('.', 1)[1] filename = hashlib.md5( (filename + str(datetime.utcnow())).encode('utf-8')).hexdigest() + extension filepath = safe_join(current_app.config['IMAGE_UPLOAD_FOLDER'], filename) if not filepath: return jsonify(uploaded=0, error={'message': 'Filename illegal.'}) file.save(filepath) callback = request.args.get('CKEditorFuncNum') url = url_for('upload.fetch', filename=filename) res = """ <script type="text/javascript">window.parent.CKEDITOR.tools.callFunction(%s, '%s', '%s')</script> """ % (callback, url, error) return res, 200, {"Content-Type": "text/html"}
def user(username): user = User.query.filter_by(username=username).first_or_404() page = request.args.get('page', 1, type=int) pagination = user.posts.order_by(Post.timestamp.desc()).paginate( page, per_page=current_app.config['FLASK_POSTS_PER_PAGE'], error_out=False) posts = pagination.items if user == current_user: form = ImgForm() from manage import app if form.validate_on_submit(): current_user.img = form.picture.data.filename if current_user.img and user.allowed_img(current_user.img): imgdest = safe_join(app.config['UPLOAD_FOLDER'], current_user.img) form.picture.data.save(imgdest) db.session.add(current_user) return redirect(url_for('main.user', username=username)) return render_template('user.html', form=form, user=user, posts=posts, pagination=pagination) return render_template('user.html', user=user, posts=posts, pagination=pagination)
def get_allowed_path(self, user_id: str, parts: List[str], source_dir: str = 'files') -> Optional[str]: """Check if file name matches allowed pattern. Args: user_id: The identifier of the user. parts: List of all directory names and the filename. source_dir: Top level folder name inside user folder. This can either be 'files' or 'jobs' in the current setup. Defaults to the files directory ('files'). Returns: The file path if it is allowed otherwise None. """ files_dir, jobs_dir = self.setup_user_folder(user_id) if source_dir == 'files': out_dir = files_dir else: out_dir = jobs_dir filename = parts.pop(-1) for part in parts: if re.fullmatch(self.allowed_dirname, part) is None: return None if re.fullmatch(self.allowed_filename, filename) is None: return None parts.append(filename) return safe_join(out_dir, *parts)
def delete(path): real_path = Path(safe_join(os.fspath(app.config["UPLOAD_FOLDER"]), os.fspath(path))) if not real_path.exists() or not real_path.is_file(): abort(Response(f"File {str(path)} not found", 404)) real_path.unlink() return json.dumps(str(path)), 200
def browse(): generated_path = safe_join(normalise_relative_path(GENERATED_LISTING_DIR), 'years_listing.html') content = open(generated_path).read() return render_template('issue_browser.html', current_year=datetime.now().year, content=content)
def upload_image(): def allowed_file(filename): return '.' in filename and \ filename.rsplit('.', 1)[1].lower() in ['jpg', 'png'] file = request.files['upload'] error = '' if not file: return jsonify(uploaded=0, error={'message': 'Please select a file.'}) elif not allowed_file(file.filename): return jsonify(uploaded=0, error={'message': 'File extension not allowed.'}) else: filename = file.filename extension = '.' + filename.rsplit('.', 1)[1] filename = hashlib.md5((filename + str(datetime.utcnow())).encode('utf-8')).hexdigest() + extension filepath = safe_join(current_app.config['IMAGE_UPLOAD_FOLDER'], filename) if not filepath: return jsonify(uploaded=0, error={'message': 'Filename illegal.'}) file.save(filepath) callback = request.args.get('CKEditorFuncNum') url = url_for('upload.fetch', filename=filename) res = """ <script type="text/javascript">window.parent.CKEDITOR.tools.callFunction(%s, '%s', '%s')</script> """ % (callback, url, error) return res, 200, {"Content-Type": "text/html"}
def upload_photo(): #设置随机数 file_num = random.randint(0, 20) #获取jquery发来的文件 file = request.files["file"] #这是文件名字 file_name = session["user_name"] + str(file_num) + file.filename #将文件的路径转为安全的。 file_path = security.safe_join("images/", file_name) file.save(file_path) #将文件大小加入session file_size = os.path.getsize(file_path) session["file_size"] = file_size #将文件路径加入session session["file_path"] = file_path #将文件标题加入session session["file_title"] = request.form["title"] #调用函数插入数据库数据 result = up_load_photo() if result: #完成后返回数据,提示已经上传成功。 return "文件上传成功" else: return "文件上传失败,请检查网络和文件等,重新上传。"
def DocumentRoot(root, path, status): safe = security.safe_join(root, path) print '"%s" + "%s" ==> "%s"' % (root, path, safe) mime = guess_mimetype(path) mtime = os.stat(safe).st_mtime return FileResponse(safe, mime, status)
def package(app, request, path): # Get our filename and filepath from the request path filename = os.path.basename(path) filepath = safe_join(os.path.abspath(app.config.paths.packages), path) # If we cannot safely join the requested path with our directory # return a 404 if filepath is None: raise NotFound("{} was not found".format(filename)) # Open the file and attempt to wrap in the wsgi.file_wrapper if it's # available, otherwise read it directly. try: fp = open(filepath, "rb") data = wrap_file(request.environ, fp) except IOError: raise NotFound("{} was not found".format(filename)) # Get the project name and normalize it lookup_filename = filename[:-4] if filename.endswith(".asc") else filename project = app.db.packaging.get_project_for_filename(lookup_filename) # Get the MD5 hash of the file content_md5 = app.db.packaging.get_filename_md5(filename) headers = {} # Add in additional headers if we're using Fastly headers["Surrogate-Key"] = " ".join( fastly.projects.format_keys(project=project), ) # Look up the last serial for this file serial = app.db.packaging.get_last_serial(project) if serial is not None: headers["X-PyPI-Last-Serial"] = serial # Pass through the data directly to the response object resp = Response( data, headers=headers, mimetype=get_mimetype(filename), direct_passthrough=True, ) # Setup the Last-Modified header resp.last_modified = os.path.getmtime(filepath) # Setup the Content-Length header resp.content_length = os.path.getsize(filepath) if content_md5: # Setup the Content-MD5 headers resp.content_md5 = content_md5 # Setup Conditional Responses resp.set_etag(content_md5) resp.make_conditional(request) return resp
def uploaded_file(folder, filename): path = os.path.join(app.config['UPLOAD_FOLDER'], folder) filepath = safe_join(path, filename) if not os.path.isabs(filepath): filepath = os.path.join(app.root_path, filepath) if not os.path.isfile(filepath): raise NotFound() return send_file(filepath)
def download_report_file(report_id): wh = get_warehouse() report = get_or_404(wh.get_report, report_id, _exc=KeyError) file_path = safe_join(wh.reports_path, report.filename) if not path(file_path).isfile(): flask.abort(404) return flask.send_file(file_path, as_attachment=True, attachment_filename=report.filename)
def add_profile_picture(username, file): filename = secure_filename(file.filename) extension = filename.split('.')[1] directory = safe_join(os.path.join(current_app.config['UPLOAD_FOLDER']), username) if not os.path.exists(directory): print("No existe") os.makedirs(directory) print("Salio") idx_act = 0 picture_name = "%i.%s" % (idx_act, extension) path_picture = safe_join(os.path.join(directory), picture_name) while os.path.exists(path_picture): idx_act += 1 picture_name = "%i.%s" % (idx_act, extension) path_picture = safe_join(os.path.join(directory), picture_name) file.save(path_picture) return picture_name
def get_user_path(): """Returns the path of the current user's temp directory. Uses security.safe_join to check for directory traversal attacks. Returns: Path to the user directory. """ return security.safe_join(TEMP, flask.g.user_id)
def download(name, filename): wh = get_warehouse() parcel = get_or_404(wh.get_parcel, name, _exc=KeyError) file_path = safe_join(parcel.get_path(), filename) if not path(file_path).isfile(): flask.abort(404) return flask.send_file(file_path, as_attachment=True, attachment_filename=filename)
def get_datastreams(feed): headers = {"X-ApiKey": feed.api_key} url = safe_join(API_URL, str(feed.xively_id)) try: r = requests.get(url, headers=headers) decoded_data = r.json() except Exception, e: flash("Xively request failed") response = "error" return response
def secure_filepath(filepath): ''' Ensures this will be a sanitized relative path ''' secured_filepath = safe_join('.', filepath) assert secured_filepath is not None, "Filepath wasn't secure" secured_filepath = secured_filepath[2:] if not secured_filepath: logger.warn("Filepath became empty while securing") return '' return secured_filepath
def _safe_path_join(root: Path, untrusted: str) -> Path: """Join a Path element with an untrusted str. This is a convenience wrapper for werkzeug's safe_join, raising a ValueError if the path is malformed.""" untrusted_parts = Path(untrusted).parts joined = safe_join(root.as_posix(), *untrusted_parts) if joined is None: raise ValueError("Untrusted paths.") return Path(joined)
def delete(filename: str) -> bool: """Deletes the file from `config.UPLOAD_DIR`, if it exists.""" file_path = safe_join(config.UPLOAD_DIR, filename) if os.path.isfile(file_path) is False: return False os.remove(file_path) return True
def get_datapoint(datastream, timestamp): timestamp = datetime.combine(timestamp, datetime.min.time()) timestamp = timestamp.isoformat() headers = {"X-ApiKey": datastream.feed.api_key} url = safe_join(API_URL, str(datastream.feed.xively_id)) url = url + "/datastreams/" url = safe_join(url, datastream.xively_id) url = url + ".json?duration=" + "1seconds" url = url + "&function=average&limit=1" url = url + "&end=" + timestamp try: r = requests.get(url, headers=headers) decoded_data = r.json() value = decoded_data["datapoints"][0]["value"] return float(value) except Exception, e: flash("Lookup failed for " + datastream.info + " at " + timestamp) return False
def download(name, filename): from werkzeug.security import safe_join wh = get_warehouse() parcel = get_or_404(wh.get_parcel, name, _exc=KeyError) file_path = safe_join(parcel.get_path(), filename) if not path(file_path).isfile(): flask.abort(404) return flask.send_file(file_path, as_attachment=True, attachment_filename=filename)
def get_directory(sub_dir=None, file_name=None): dir_name = 'measures' path = dir_name if not sub_dir is None: path = safe_join(dir_name, sub_dir) if not file_name is None: path = safe_join(path, file_name) if os.path.isfile(path): return get_graph() if path is None: abort(404) files = os.listdir(path) return render_template('soubory.html', files=files, sub_dir=sub_dir, file_name=file_name, path=path)
def add_song(): if 'add_entry' in request.form: entry_info = request.form['add_entry'] entry_parts = entry_info.split('+') dirid = entry_parts[0] pathname = safe_join(app.config['MUSIC_PATH'],entry_parts[1]) name = request.form['name'+str(dirid)] if not name or name == '': name = path.split(pathname)[1] append_playlist(name, pathname) return redirect(url_for('playlist'))
def loader(path): if path is not None: path = safe_join(directory, path) else: path = directory if path is not None: if os.path.isdir(path): path = posixpath.join(path, 'index.html') if os.path.isfile(path): return os.path.basename(path), self._opener(path) return None, None
def get_safe_filename(name): name, ext = os.path.splitext(name) # pull off for later name = ''.join(os.path.split(name)) # take any directory tricks out name = safe_join('', name) or '' # goodbye any lingering tricks if name not in ('', '.'): # atomically reserve a unique filename with NamedTemporaryFile(dir=drop_dir, delete=False, prefix=name, suffix=ext) as safe_file: safe_filepath = safe_file.name return os.path.split(safe_filepath)[-1] # just the filename else: return None
def get_dataset(datastream, zoom_level, timeStamp): headers = {"X-ApiKey": datastream.feed.api_key} url = safe_join(API_URL, str(datastream.feed.xively_id)) url = url + "/datastreams/" url = safe_join(url, datastream.xively_id) url = url + ".json?duration=" + zoom[zoom_level]["duration"] url = url + "&interval=" + zoom[zoom_level]["interval"] url = url + "&function=average&find_previous" if timeStamp != None: url = url + "&end=" + timeStamp try: r = requests.get(url, headers=headers) decoded_data = r.text decoded_data = json.loads(decoded_data) decoded_data.update({"zoom_level": zoom_level}) decoded_data = json.dumps(decoded_data) return decoded_data except Exception, e: flash("Xively request failed") response = "error" return False
def get_path(file_name, suffix=""): """Returns a safe path in the user's temp directory. Uses security.safe_join to check for directory traversal attacks. Args: file_name: Text filename. suffix: Text filename suffix. Defaults to ''. Returns: Path to the requested file. """ return security.safe_join(get_user_path(), f"{file_name}{suffix}")
def upload_song(): songfile = request.files['file'] if (songfile): if (songfile.filename.endswith('.mp3')): file_path = safe_join(app.config['MUSIC_PATH'], songfile.filename) songfile.save(file_path) name = request.form['name'] if (not name or name == ''): name = path.split(file_path)[1] append_playlist(name, file_path) else: #not mp3 file flash('File must be an mp3 file') return redirect(url_for('playlist'))
def submit(): """ Codes the input file to different SOC categories """ # get parameters file_id = request.form['file_id'] model_version = request.form['model_version'] # get configuration input_dir = app.config['soccer']['input_dir'] output_dir = app.config['soccer']['output_dir'] model_filepath = app.config['soccer']['model_file'] # specify input/output filepaths input_filepath = safe_join(input_dir, file_id) parameters_filepath = safe_join(output_dir, file_id + '.json') output_filepath = safe_join(output_dir, file_id + '.csv') plot_filepath = safe_join(output_dir, file_id + '.png') # save form parameters as json file with open(parameters_filepath, 'w') as f: json.dump(request.form, f) # results are written to output_filepath code_file( input_filepath=input_filepath, output_filepath=output_filepath, model_version=model_version, model_filepath=model_filepath ) plot_results( results_filepath=output_filepath, plot_filepath=plot_filepath ) return jsonify({ 'file_id': file_id })
def upload(): results = [] for filename, file in request.files.items(): if not filename: continue file_path = filename.lstrip(os.sep) safe_path = safe_join(app.config["UPLOAD_FOLDER"], file_path) if safe_path is None: raise NotFound() target = Path(safe_path) target.parent.mkdir(parents=True, exist_ok=True) file.save(str(target)) results.append(file_path) return json.dumps(results), 200
def image_upload(): if request.method == 'POST': form = ImageForm(request.form) if form.validate(): image_file = request.files['file'] filename = security.safe_join(app.config['IMAGES_DIR'], image_file.filename) image_file.save(filename) flash('Saved %s' % os.path.basename(filename), 'success') return redirect(url_for('entries.index')) else: form = ImageForm() return render_template('entries/image_upload.html', form=form)
def inject_url_defaults(self, endpoint, values): super().inject_url_defaults(endpoint, values) if endpoint == 'static' and 'filename' in values: filepath = safe_join(self.static_folder, values['filename']) h = self._hash_cache.get(filepath) if h is not None: values['h'] = h return if os.path.isfile(filepath): h = hashlib.md5() with open(filepath, 'rb') as f: h.update(f.read()) h = h.hexdigest() self._hash_cache[filepath] = h values['h'] = h
def delete_report(report_id): if not auth.authorize(['ROLE_ADMIN']): return flask.abort(403) wh = get_warehouse() report = get_or_404(wh.get_report, report_id, _exc=KeyError) lot_code = report.lot if flask.request.method == 'POST': file_path = safe_join(wh.reports_path, report.filename) if file_path.exists(): file_path.unlink() wh.delete_report(report_id) flask.flash('Report was deleted.', 'system') url = flask.url_for('parcel.lot', code=lot_code) return flask.redirect(url) return flask.render_template('report_delete.html', report=report)
def resolve_artifact(self, url_path, pad=None, redirect_slash=True): """Resolves an artifact and also triggers a build if necessary. Returns a tuple in the form ``(artifact_name, filename)`` where `artifact_name` can be `None` in case a file was targeted explicitly. """ if pad is None: pad = self.get_pad() artifact_name = filename = record_path = alt = None # We start with trying to resolve a source and then use the # primary source = pad.resolve_url_path(url_path) if source is not None: # If the request path does not end with a slash but we # requested a URL that actually wants a trailing slash, we # append it. This is consistent with what apache and nginx do # and it ensures our relative urls work. if ( not url_path.endswith("/") and source.url_path != "/" and source.url_path != url_path ): return abort(append_slash_redirect(request.environ)) with CliReporter(self.env, verbosity=self.verbosity): builder = self.get_builder(pad) prog, _ = builder.build(source) artifact = prog.primary_artifact if artifact is not None: artifact_name = artifact.artifact_name filename = artifact.dst_filename alt = source.alt if isinstance(source, Record): record_path = source.record.path if filename is None: path_list = url_path.strip("/").split("/") if sys.platform == "win32": filename = os.path.join(self.output_path, *path_list) else: filename = safe_join(self.output_path, *path_list) return ResolveResult(artifact_name, filename, record_path, alt)
def textedit(fname): ipath = safe_join('temp', fname) if fname is None: return "Invalid filename" data = flask.request.args or {} cuts = data.get('cuts') try: cuts = json.loads(cuts) except: return "Can't load cuts as JSON" # make sure that we have a list of 4 int lists if type(cuts) != list or not \ all(type(l) is list and len(l) == 4 and all(type(e) is int for e in l) for l in cuts): return "Invalid cut data", 400 try: img = Image.open(ipath) except: return "Image not found", 404 if cuts: #cuts = sorted(cuts) new = make_cuts(img, cuts) else: new = [img] try: outimgs = [] for im in new: outimgs.append({ "url": make_data_url(im), "pos": ",".join(str(i) for i in im._cut_pos) }) except Exception as e: try: estr = str(e) except: estr = "??" traceback.print_exc() return "Cut data caused error: "+estr, 400 return flask.render_template("text.html", outimgs=outimgs, enumerate=enumerate)
def serve_route(): if not session.get('logged_in'): return login_route() if request.method == "POST": filename = request.form['filename'] file = request.files['file'] if filename == "": filename = file.filename if '/' in filename: flash("Invalid filename! Cannot contain `/`.", category="error") elif filename == "": flash("No file detected!", category="error") else: file.save(safe_join(config['UPLOAD_DIR'], filename)) flash("File uploaded!", category="success") return render_template("index.html")
def load_page(rel_url: str) -> Optional[Dict[str, Any]]: # convert relative url to full file path pathnames = rel_url.split("/") fullpath = safe_join(pages_folder, *pathnames) if fullpath is None: return None if fullpath.endswith(os.path.sep): # /foo/bar/ fullpath = os.path.join(fullpath, "index.md") elif fullpath.endswith(".html"): # /foo/bar.html fullpath = os.path.splitext(fullpath)[0] + ".md" else: # /foo/bar fullpath += ".md" # load page entry page = load_entry(fullpath) if page is None: return None page["url"] = url_for(".page", rel_url=rel_url) # ensure *title* field if "title" not in page: name = os.path.splitext(os.path.basename(fullpath))[0] page["title"] = " ".join(name.split("-")) return page
def change_user_username_folder(current_username, new_username): directory = safe_join(os.path.join(current_app.config['UPLOAD_FOLDER']), current_username) if os.path.exists(directory): new_directory = safe_join(os.path.join(current_app.config['UPLOAD_FOLDER']), new_username) os.rename(directory, new_directory)
def get_file(filename, username): filename = safe_join(os.path.join(username), filename) upload_folder = safe_join(os.path.join(os.getcwd()), current_app.config['UPLOAD_FOLDER']) print(filename) return send_from_directory(upload_folder, filename)
def package(app, request, path): # Get our filename and filepath from the request path filename = os.path.basename(path) filepath = safe_join( os.path.abspath(app.config.paths.packages), path ) # If we cannot safely join the requested path with our directory # return a 404 if filepath is None: raise NotFound("{} was not found".format(filename)) # Open the file and attempt to wrap in the wsgi.file_wrapper if it's # available, otherwise read it directly. try: fp = open(filepath, "rb") data = wrap_file(request.environ, fp) except IOError: raise NotFound("{} was not found".format(filename)) # Get the project name and normalize it lookup_filename = filename[:-4] if filename.endswith(".asc") else filename project = app.db.packaging.get_project_for_filename(lookup_filename) normalized = normalize(project) # Get the MD5 hash of the file content_md5 = app.db.packaging.get_filename_md5(filename) headers = {} # Add in additional headers if we're using Fastly headers.update({ "Surrogate-Key": " ".join([ "package", "package~{}".format(normalized), ]), }) # Look up the last serial for this file serial = app.db.packaging.get_last_serial(project) if serial is not None: headers["X-PyPI-Last-Serial"] = serial # Pass through the data directly to the response object resp = Response( data, headers=headers, mimetype=get_mimetype(filename), direct_passthrough=True, ) # Setup the Last-Modified header resp.last_modified = os.path.getmtime(filepath) # Setup the Content-Length header resp.content_length = os.path.getsize(filepath) if content_md5: # Setup the Content-MD5 headers resp.content_md5 = content_md5 # Setup Conditional Responses resp.set_etag(content_md5) resp.make_conditional(request) return resp
def _resolve_path(self, path): full_path = safe_join(self.path, path) if full_path is None: raise ValueError('Invalid path: {}'.format(path)) return full_path
def test_safe_join_os_sep(): import werkzeug.security as sec prev_value = sec._os_alt_seps sec._os_alt_seps = '*' assert safe_join('foo', 'bar/baz*') is None sec._os_alt_steps = prev_value
def uploaded_image(farm_id, filename): print(safe_join(app.config['UPLOAD_FOLDER']+'produce/' + str(farm_id), filename)) return send_from_directory(app.config['UPLOAD_FOLDER']+'produce/' + str(farm_id)+'/', filename)
def _path_for(fname): path = safe_join(current_app.config['NOTES_DIR'], fname) return path
def test_safe_join(): assert safe_join("foo", "bar/baz") == posixpath.join("foo", "bar/baz") assert safe_join("foo", "../bar/baz") is None if os.name == "nt": assert safe_join("foo", "foo\\bar") is None
def test_safe_join(self): assert safe_join('foo', 'bar/baz') == os.path.join('foo', 'bar/baz') assert safe_join('foo', '../bar/baz') is None if os.name == 'nt': assert safe_join('foo', 'foo\\bar') is None
def test_safe_join(self): """Test the safe joining helper""" assert safe_join('foo', 'bar/baz') == os.path.join('foo', 'bar/baz') assert safe_join('foo', '../bar/baz') is None if os.name == 'nt': assert safe_join('foo', 'foo\\bar') is None
def joinpath(base, path): '''Shorthand for returning a normalised & joined path''' return os.path.normpath(safe_join(base, path))
def delete_testcase(pid, fname): datadir = os.path.join(app.config['TESTCASE_FOLDER'], str(pid)) filename = safe_join(datadir, fname) if os.path.exists(filename): os.remove(filename) return redirect(url_for('admin.manage_data', pid=pid))