Exemple #1
def getFileUploadMaximumSize(request):
    """
    Format the upload size limit for display.

    The limit is whatever upload_max_file_size(request) reports. Values
    below 1024*1024 are rendered as "<n> KB"; anything else is rendered as
    "<n> MB", rounded to one decimal place.
    """
    bytes_per_kb = 1024
    bytes_per_mb = 1024 * 1024

    limit = upload_max_file_size(request)
    if limit < bytes_per_mb:
        return '%s KB' % (limit / bytes_per_kb)
    # Float divisor so the MB figure keeps its fractional part.
    return '%s MB' % round(limit / float(bytes_per_mb), 1)
Exemple #2
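def handle_upload(request, filedict):
    """
    Handle the upload of a new file.
    http://code.google.com/p/file-uploader/

    Validates the upload (required fields, upload directory, file type,
    size), streams it to "<upload dir>/temp/<uuid><extension>", and adds a
    File record to the database session.

    :param request: the current request, passed on to the configuration,
        validation and localisation helpers.
    :param filedict: mapping with the keys "filename", "fp" and "mimetype".
    :returns: dict with "success" (bool) and "msg"; on success it also
        carries "filename" (the cleaned display name) and "fileidentifier"
        (the UUID, as a string, under which the file is stored).
    """

    TEMP_FOLDER_NAME = "temp"

    ret = {"success": False, "msg": ""}

    # Reject incomplete requests right away. The previous code only set a
    # message here and then carried on with None values.
    try:
        filename = filedict["filename"]
        upload = filedict["fp"]
        filetype = filedict["mimetype"]
    except (KeyError, TypeError):
        ret["msg"] = _("Not all necessary values were provided.")
        return ret

    if filename is None or upload is None or filetype is None:
        ret["msg"] = "Uploaded file not found."
        return ret

    # Check upload directory
    upload_path = upload_directory_path(request)
    if upload_path is None or not os.path.exists(upload_path):
        ret["msg"] = _("Upload directory not specified or not found.")
        return ret

    # Check filetype.
    # NOTE(review): filetype is the MIME type supplied with the upload; this
    # function does not compare it with the file's content. Confirm that
    # get_valid_file_extension or a later step covers that.
    fileextension = get_valid_file_extension(request, filetype)
    if fileextension is None:
        ret["msg"] = _("File type is not valid.")
        return ret

    # Check filesize
    max_size = upload_max_file_size(request)
    if get_file_size(upload) > max_size:
        ret["msg"] = _("File is too big.")
        return ret

    # Do the actual file processing

    # Strip leading path from file name to avoid directory traversal
    # attacks. The name derived here is stored as metadata only; the path
    # on disk is built from a UUID further down.
    old_filename = os.path.basename(filename)

    # Internet Explorer will attempt to provide full path for filename
    # fix
    old_filename = old_filename.split("\\")[-1]

    # Remove the extension and check the filename
    clean_filename = ".".join(old_filename.split(".")[:-1])
    clean_filename = _clean_filename(clean_filename)

    # Make sure the filename is not too long
    clean_filename = clean_filename[:500]

    # Append the predefined file extension
    clean_filename = "%s%s" % (clean_filename, fileextension)

    # Use a randomly generated UUID as filename, so no client-supplied text
    # ends up in the path on disk.
    file_identifier = uuid.uuid4()
    new_filename = "%s%s" % (file_identifier, fileextension)

    # Create the temp directory if needed. A concurrent upload may create it
    # between the check and makedirs, so that failure is tolerated.
    temp_dir = os.path.join(upload_path, TEMP_FOLDER_NAME)
    if not os.path.isdir(temp_dir):
        try:
            os.makedirs(temp_dir)
        except OSError:
            if not os.path.isdir(temp_dir):
                raise

    new_filepath = os.path.join(temp_dir, new_filename)

    # Stream the upload to disk in chunks. The limit is enforced again on
    # the bytes actually written, and a partial file is removed on failure.
    datalength = 0
    too_big = False
    try:
        with open(new_filepath, "wb", 10000) as out:
            for chunk in _file_buffer(upload):
                datalength += len(chunk)
                if datalength > max_size:
                    too_big = True
                    break
                out.write(chunk)
    except Exception:
        if os.path.exists(new_filepath):
            os.remove(new_filepath)
        raise

    if too_big:
        os.remove(new_filepath)
        ret["msg"] = _("File is too big.")
        return ret

    # Open the file again to get the hash
    file_hash = get_file_hash(new_filepath)

    # Database values
    db_file = File(
        identifier=file_identifier,
        name=clean_filename,
        mime=filetype,
        size=datalength,
        hash=file_hash,
    )
    Session.add(db_file)

    log.debug(
        "The uploaded file (%s) was saved as %s at %s",
        clean_filename, new_filename, new_filepath,
    )

    ret["filename"] = clean_filename
    ret["fileidentifier"] = str(file_identifier)
    ret["success"] = True

    localizer = get_localizer(request)
    ret["msg"] = localizer.translate(_("File was successfully uploaded"))

    return ret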