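def upload(request, project_id):
    """Attach an uploaded file to a project and record it in taskManager_file.

    On a POST with a valid ProjectFileForm the file is written through
    store_uploaded_file(), one row is inserted, and the client is redirected
    to '/taskManager/<project_id>/'. Every other request renders the upload
    form.
    """
    if request.method == 'POST':
        # Lookup kept from the original: .get() raises for an unknown pk
        # before anything is written.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)
        if form.is_valid():
            # NOTE(review): nothing visible here ties request.user to `proj`.
            # Confirm that a decorator or the URL layer restricts who may add
            # files to this project.
            name = request.POST.get('name', False)
            # NOTE(review): `name` is client-supplied and becomes the stored
            # file name. Presumably store_uploaded_file() rejects path
            # separators and unexpected extensions; verify.
            upload_path = store_uploaded_file(name, request.FILES['file'])

            # name, upload_path and project_id all derive from the request, so
            # they are passed as bound parameters; the statement text itself
            # is constant and cannot be altered by their content.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file (name,path,project_id) values (%s, %s, %s)",
                (name, upload_path, project_id))
            return redirect('/taskManager/' + project_id + '/', {'new_file_added': True})
    # Non-POST requests and invalid submissions both get a blank form.
    form = ProjectFileForm()
    return render_to_response('taskManager/upload.html', {'form': form}, RequestContext(request))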
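def profile_by_id(request, user_id):
    """Render a user's profile and, on a valid POST, apply the submitted edits.

    The account is selected by the user_id taken from the URL. Username,
    names and e-mail are overwritten when they differ from the stored values,
    a non-empty 'password' replaces the password, and an uploaded 'picture'
    replaces the profile image.
    """
    # NOTE(review): the target account comes from the URL and nothing visible
    # here compares it with request.user. Unless a decorator or URL-level
    # check (not visible here) enforces it, any caller who reaches this view
    # can edit another account, including its password. Confirm.
    user = User.objects.get(pk=user_id)
    if request.method == 'POST':
        form = ProfileForm(request.POST, request.FILES)
        if form.is_valid():
            # Values are read from request.POST, as in the original, not from
            # form.cleaned_data.
            for field in ('username', 'first_name', 'last_name', 'email'):
                submitted = request.POST.get(field)
                if submitted != getattr(user, field):
                    setattr(user, field, submitted)
            new_password = request.POST.get('password')
            if new_password:
                # NOTE(review): the current password is not requested before
                # it is replaced.
                user.set_password(new_password)
            # Look the field up by name: the original tested `request.FILES`
            # as a whole and then indexed ['picture'], which raised when a
            # file arrived under any other field name.
            picture = request.FILES.get('picture')
            if picture is not None:
                # NOTE(review): the extension is taken from the client's file
                # name. Presumably store_uploaded_file() limits it to image
                # types; verify.
                extension = picture.name.split(".")[-1]
                user.userprofile.image = store_uploaded_file(
                    user.username + "." + extension, picture)
                user.userprofile.save()
            user.save()
            messages.info(request, "User Updated")
    return render(request, 'taskManager/profile.html', {'user': user})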
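def upload(request, project_id):
    """Save a project file upload and insert its record into taskManager_file.

    A POST carrying a valid ProjectFileForm stores the file through
    store_uploaded_file(), inserts one row and redirects to
    '/taskManager/<project_id>/'. Anything else renders the upload form.
    """
    if request.method == 'POST':
        # .get() raises for an unknown pk, so nothing is stored for a project
        # that does not exist.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)
        if form.is_valid():
            # NOTE(review): no membership or ownership test on `proj` is
            # visible in this view; confirm it is enforced elsewhere.
            name = request.POST.get('name', False)
            # NOTE(review): the stored file name is the client's `name`
            # value. Presumably store_uploaded_file() sanitises it; verify.
            upload_path = store_uploaded_file(name, request.FILES['file'])

            # Request-derived values go in the parameter tuple and are bound
            # by the database driver, never formatted into the SQL string.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file (name,path,project_id) values (%s, %s, %s)",
                (name, upload_path, project_id))
            return redirect('/taskManager/' + project_id + '/', {'new_file_added': True})
    # Fall-through for GET and for invalid submissions: blank form.
    form = ProjectFileForm()
    return render_to_response(
        'taskManager/upload.html', {'form': form}, RequestContext(request))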
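def profile_by_id(request, user_id):
    """Render a user's profile and, on a valid POST, apply the submitted edits.

    The account is selected by the user_id from the URL. A 'dob' value that
    is missing or longer than 8 characters aborts the request with an
    Exception before the form is validated.
    """
    # NOTE(review): nothing visible here checks that request.user is allowed
    # to edit the account named by user_id. Confirm that a decorator or
    # URL-level check enforces it.
    user = User.objects.get(pk=user_id)
    if request.method == 'POST':
        form = ProfileForm(request.POST, request.FILES)
        dob = request.POST.get('dob')
        # The original called len() on the raw value and raised TypeError
        # when 'dob' was absent; a missing value now fails with the intended
        # message. Length is the only format check visible here.
        if dob is None or len(dob) > 8:
            raise Exception("Birthday does not match format")
        if form.is_valid():
            for field in ('first_name', 'last_name', 'email'):
                submitted = request.POST.get(field)
                if submitted != getattr(user, field):
                    setattr(user, field, submitted)
            if dob != user.userprofile.dob:
                user.userprofile.dob = dob
                user.userprofile.save()
            new_password = request.POST.get('password')
            if new_password:
                # NOTE(review): the current password is not requested before
                # it is replaced.
                user.set_password(new_password)
            # Look the field up by name: indexing request.FILES['picture']
            # after a bare `if request.FILES:` raised when a file arrived
            # under another field name.
            picture = request.FILES.get('picture')
            if picture is not None:
                # NOTE(review): both parts of the stored name are
                # client-influenced (full name set above, extension from the
                # upload's file name). Presumably store_uploaded_file()
                # sanitises the name and limits the type; verify.
                extension = picture.name.split(".")[-1]
                user.userprofile.image = store_uploaded_file(
                    user.get_full_name() + "." + extension, picture)
                user.userprofile.save()
            user.save()
            messages.info(request, "User Updated")
    return render(request, 'taskManager/profile.html', {'user': user})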
def upload(request, project_id):
    """Store an uploaded project file for a user assigned to the project.

    A POST is accepted only when ProjectFileForm validates and request.user
    is among the project's users_assigned. The file is then written through
    store_uploaded_file(), a row is inserted with bound parameters, and the
    client is redirected to the project details page. Every other case
    renders a blank upload form.
    """
    if request.method == 'POST':
        project = Project.objects.get(pk=project_id)
        submitted = ProjectFileForm(request.POST, request.FILES)
        # `and` short-circuits, so the membership query runs only for a valid form.
        permitted = (submitted.is_valid()) and (project.users_assigned.filter(
            id=request.user.id).exists())
        if permitted:
            file_name = request.POST.get('name', False)
            # NOTE(review): file_name is client-supplied. Presumably
            # store_uploaded_file() sanitises it; verify.
            stored_at = store_uploaded_file(file_name, request.FILES['file'])

            # Record the file; values are bound by the driver, not formatted in.
            cursor = connection.cursor()
            cursor.execute(
                "insert into taskManager_file ('name','path','project_id') values ( %s, %s, %s)",
                (file_name, stored_at, project_id))
            target = '/taskManager/' + project_id + '/project_details/'
            return redirect(target, {'new_file_added': True})
    # GET, invalid form, or a user not assigned to the project.
    return render(request, 'taskManager/upload.html', {'form': ProjectFileForm()})
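def profile_by_id(request, user_id):
    """Render a user's profile and, on a valid POST, apply the submitted edits.

    The account is chosen by the user_id from the URL. Username, names and
    e-mail are overwritten when they differ from the stored values, a
    non-empty 'password' replaces the password, and an uploaded 'picture'
    replaces the profile image.
    """
    # NOTE(review): the view loads whichever account the URL names and never
    # compares it with request.user. Unless access is restricted by a
    # decorator or URL-level check (not visible here), one user can rewrite
    # another user's profile and password. Confirm.
    user = User.objects.get(pk=user_id)
    if request.method == 'POST':
        form = ProfileForm(request.POST, request.FILES)
        if form.is_valid():
            # Values are read from request.POST, as in the original, not from
            # form.cleaned_data.
            for field in ('username', 'first_name', 'last_name', 'email'):
                submitted = request.POST.get(field)
                if submitted != getattr(user, field):
                    setattr(user, field, submitted)
            new_password = request.POST.get('password')
            if new_password:
                # NOTE(review): the current password is not requested before
                # it is replaced.
                user.set_password(new_password)
            # Fetch the field by name; the original indexed ['picture'] after
            # a bare `if request.FILES:` and raised when the upload used any
            # other field name.
            picture = request.FILES.get('picture')
            if picture is not None:
                # NOTE(review): the extension is taken from the client's file
                # name. Presumably store_uploaded_file() limits it to image
                # types; verify.
                extension = picture.name.split(".")[-1]
                user.userprofile.image = store_uploaded_file(
                    user.username + "." + extension, picture)
                user.userprofile.save()
            user.save()
            messages.info(request, "User Updated")
    return render(request, 'taskManager/profile.html', {'user': user})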
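def upload(request, project_id):
    """Store a project file taken from a submitted URL or from the upload.

    Accepted only for a POST whose ProjectFileForm validates and whose
    request.user is among the project's users_assigned. When a URL is
    submitted the server fetches it and stores the body if the response
    declares an image type; otherwise the uploaded file is stored. A row is
    then inserted into taskManager_file and the client is redirected to the
    project details page. Every other case renders a blank upload form.
    """
    # Lazy %-args: same message, formatted by the logging framework.
    logger.info('User %s upload %s', request.user.username, project_id)
    if request.method == 'POST':
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)
        # Original author's note: the form currently validates only when both
        # a file and a URL are submitted.
        if (form.is_valid()) and (proj.users_assigned.filter(id=request.user.id).exists()):
            name = request.POST.get('name', False)
            url = request.POST.get('url')
            # The original test `request.POST.get('url', False) != None` was
            # always true, so the direct-upload branch below was unreachable
            # and an empty URL was handed to requests.get().
            if url:
                # NOTE(review): server-side request forgery risk. The server
                # fetches a client-chosen URL with no restriction on scheme,
                # host or resolved address, and requests follows redirects by
                # default. Allow only http(s), reject loopback, private and
                # link-local destinations after resolution, and disable or
                # re-validate redirects.
                response = requests.get(url, timeout=15)
                _file = response.content
                # A response without the header no longer raises KeyError.
                # NOTE(review): the type is whatever the remote server
                # declares; the stored bytes are not inspected here.
                content_type = response.headers.get("Content-Type", "")
                if "image" not in content_type:
                    messages.warning(request, "Error in URL Upload")
                    # NOTE(review): the fetched body is returned to the
                    # client. The substring test on the URL is a one-entry
                    # deny-list, not an access control; prefer returning
                    # only an error here.
                    if "security-credentials" in url:
                        data = "Good effort but we can't give you everything!"
                    else:
                        # errors="replace": non-UTF-8 bodies no longer raise.
                        data = _file.decode("utf-8", errors="replace")
                    return render(request, 'taskManager/upload.html',
                                  {'data': data, 'name': name, 'url': url})
                upload_path = store_url_data(url, _file)
            else:
                upload_path = store_uploaded_file(name, request.FILES['file'])

            # Insert file details into the database; values are bound parameters.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file (name,path,project_id) values (%s, %s, %s)",
                (name, upload_path, project_id))
            return redirect('/taskManager/' + project_id + '/project_details/', {'new_file_added': True})
    # GET, invalid form, or a user not assigned to the project.
    form = ProjectFileForm()
    return render(
        request, 'taskManager/upload.html', {'form': form})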