def post(self, request, *args, **kwargs):
if request.POST.get('filetype') == 'file':
field = FileField
elif request.POST.get('filetype') == 'image':
field = ImageField
else:
raise SuspiciousMultipartForm(
"Missing attribute 'filetype' in form data.")
data = {}
for name, file_obj in request.FILES.items():
data[name] = field.preview(file_obj)
return JsonResponse(data)
def done(self, form_list, **kwargs):
self.is_done = True
form_dict = kwargs.get('form_dict', {})
upload_form = form_dict.get('upload', None)
if not upload_form:
raise SuspiciousMultipartForm(
'Could not find the formular for the upload step.')
cleaned_data = upload_form.cleaned_data
files = []
if cleaned_data:
files = [file.name for file in cleaned_data.get('file_field', [])]
return self.render(self.templates['done'], files=files)
def _update_unget_history(self, num_bytes):
"""
Updates the unget history as a sanity check to see if we've pushed
back the same number of bytes in one chunk. If we keep ungetting the
same number of bytes many times (here, 50), we're mostly likely in an
infinite loop of some sort. This is usually caused by a
maliciously-malformed MIME request.
"""
self._unget_history = [num_bytes] + self._unget_history[:49]
number_equal = len([current_number for current_number in self._unget_history
if current_number == num_bytes])
if number_equal > 40:
raise SuspiciousMultipartForm(
"The multipart parser got stuck, which shouldn't happen with"
" normal uploaded files. Check for malicious upload activity;"
" if there is none, report this to the Django developers."
)
