def test_storage_dangerous_paths_dir_name(self):
    """A '..' directory component in a file name must be rejected.

    get_available_name() and generate_filename() are both expected to raise
    SuspiciousFileOperation for '/tmp/../path', quoting the offending
    directory part ('/tmp/..') in the message.
    """
    storage = FileSystemStorage()
    expected = "Detected path traversal attempt in '/tmp/..'"
    # Same input, same expected error, for each of the two name helpers.
    for check in (storage.get_available_name, storage.generate_filename):
        with self.assertRaisesMessage(SuspiciousFileOperation, expected):
            check('/tmp/../path')
def test_storage_dangerous_paths(self):
    """Names with no usable final component must be rejected.

    For '/tmp/..', '/tmp/.' and the empty string, get_available_name() and
    generate_filename() are both expected to raise SuspiciousFileOperation
    with a message quoting the base name that could not be used.
    """
    storage = FileSystemStorage()
    template = "Could not derive file name from '%s'"
    # file name -> base name quoted in the error message
    cases = {
        '/tmp/..': '..',
        '/tmp/.': '.',
        '': '',
    }
    for file_name, base_name in cases.items():
        expected = template % base_name
        with self.subTest(file_name=file_name):
            for check in (storage.get_available_name, storage.generate_filename):
                with self.assertRaisesMessage(SuspiciousFileOperation, expected):
                    check(file_name)
def test_storage_dangerous_paths_dir_name(self):
    """A '..' directory component must be rejected for either separator.

    Relative and absolute names, written with '/' or with '\\', are each
    expected to make get_available_name() and generate_filename() raise
    SuspiciousFileOperation. The expected message always quotes the
    directory part with forward slashes.
    """
    storage = FileSystemStorage()
    # (file name, directory part quoted in the error message)
    cases = (
        ("tmp/../path", "tmp/.."),
        ("tmp\\..\\path", "tmp/.."),
        ("/tmp/../path", "/tmp/.."),
        ("\\tmp\\..\\path", "/tmp/.."),
    )
    for file_name, path in cases:
        expected = "Detected path traversal attempt in '%s'" % path
        with self.subTest(file_name=file_name):
            for check in (storage.get_available_name, storage.generate_filename):
                with self.assertRaisesMessage(SuspiciousFileOperation, expected):
                    check(file_name)
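def picupdate(request):
    """Replace the photo of one of the requesting seller's products.

    The product id is read from the ``q`` query parameter. The product is
    only touched when it belongs to the SellerProfile of ``request.user``;
    otherwise the "Fail To Update" response is returned.

    A POST carrying a ``photo`` upload stores the file under
    media/shop/product/, points the product at it and renders the product
    list. Any other request renders the form with the current name and
    photo. Any exception raised along the way yields the generic error
    response.
    """
    seller_orders = OrderHistory.objects.filter(sellerid=request.user.id)
    data = {
        'title': 'Dashboard',
        'MEDIA_URL': MEDIA_URL,
        # count() lets the database count instead of loading every row for len().
        'cancelledordersnumber': seller_orders.filter(status='cancelled').count(),
        'pendingordersnumber': seller_orders.filter(status='pending').count(),
        'deliveredordersnumber': seller_orders.filter(status='delivered').count(),
        'totalorders': seller_orders.count(),
    }
    try:
        product_id = request.GET.get('q')
        product = ProductData.objects.get(id=int(product_id))
        seller = SellerProfile.objects.get(user_id=request.user.id)

        # Ownership check: the id in the query string is caller-controlled, so
        # the product must belong to the requesting seller before it is changed.
        if product.seller_id != seller.id:
            return HttpResponse('<h1>Fail To Update! Contact with SupportTeam</h1>')

        # .get() so that a POST without a file shows the form again instead of
        # raising a KeyError that ends in the generic error page.
        photo = request.FILES.get('photo') if request.method == 'POST' else None
        if photo:
            # NOTE(review): nothing here checks that the upload is an image
            # (extension, content type, size). If files under MEDIA_URL are
            # served from the application's own origin, an uploaded .html or
            # .svg would be delivered as active content. Validate before saving.
            fs = FileSystemStorage(location='media/shop/product/')
            filename = fs.save(photo.name, photo)
            photoname = fs.generate_filename(filename)
            product.photo = 'shop/product/' + photoname
            product.save()
            data['message'] = '''<div class="alert alert-success" role="alert"> Picture Updated Successfully</div>'''
            data['allproducts'] = ProductData.objects.filter(seller_id=seller.id).order_by('id')
            return render(request, 'seller/update.html', data)

        data['name'] = product.name
        data['picurl'] = product.photo
        return render(request, 'seller/picupdate.html', data)
    except Exception:
        # Deliberately broad (missing or non-numeric q, unknown product, no
        # seller profile), but no longer a bare except, which would also
        # swallow SystemExit and KeyboardInterrupt.
        # NOTE(review): the failure is not logged anywhere; consider logging it.
        return HttpResponse('<h1>Some Error Occured ! Please Retry</h1>')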
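def post(self, request):
    """Create a product for the requesting seller from a multipart upload.

    Responds 201 when the product was created, 500 when anything in the
    creation path raises, and 401 when the user is not flagged as a seller.
    """
    # getattr with a default: an unauthenticated request carries Django's
    # AnonymousUser, which has no project-specific ``userflag`` attribute.
    # Such a request now gets the 401 below instead of an AttributeError.
    if not getattr(request.user, 'userflag', False):
        return Response(status=status.HTTP_401_UNAUTHORIZED)

    try:
        photo = request.FILES['file']
        # NOTE(review): only spaces and underscores are stripped from the
        # client-supplied name; extension, content type and size are not
        # checked. Validate that the upload is an image before storing it
        # under the media directory.
        fs = FileSystemStorage(location='media/shop/product/')
        photoname = photo.name.replace(" ", "").replace("_", "")
        filename = fs.save(photoname, photo)
        photoname = fs.generate_filename(filename)

        seller = SellerProfile.objects.get(user_id=request.user.id)
        # NOTE(review): the POST values are passed to create() as received;
        # objects.create() does not run model validation (full_clean).
        newproduct = ProductData.objects.create(
            name=request.POST.get('name'),
            details=request.POST.get('details'),
            price=request.POST.get('mrp'),
            originofproduct=request.POST.get('origin'),
            available=request.POST.get('available'),
            review=5,
            discount=request.POST.get('discount'),
            subcategory=request.POST.get('subcategory'),
            photo='shop/product/' + photoname,
            seller_id=seller.id,
        )
        # create() has already written the row; the second save is kept so
        # that behaviour is unchanged.
        newproduct.save()
        return Response(status=status.HTTP_201_CREATED)
    except Exception:
        # No longer a bare except, which would also swallow SystemExit and
        # KeyboardInterrupt.
        # NOTE(review): a missing 'file' part also ends up here as a 500, and
        # the cause is not logged.
        return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR)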
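def sellerregistration(request):
    """Admin-panel view that creates a seller account and its shop profile.

    A POST carrying a ``bannerphoto`` upload stores the banner under
    media/shop/banner/, creates the user (``userflag=True``,
    ``verified=True``) and the SellerProfile, then renders the form with a
    success message. Any other request renders the form with the dashboard
    counters only.
    """
    # NOTE(review): no permission check is visible in this function, yet it
    # creates pre-verified accounts. Confirm that a decorator or the URL
    # configuration restricts it to staff users.
    orders = OrderHistory.objects
    regular_users = CustomUser.objects.filter(is_superuser=False)
    data = {
        # count() lets the database count instead of loading every row for len().
        'pendingcount': orders.filter(status='pending').count(),
        'deliverycount': orders.filter(status='delivered').count(),
        'cancelledcount': orders.filter(status='cancelled').count(),
        'sellerprofilescount': regular_users.filter(userflag=True).count(),
        'buyerprofilescount': regular_users.filter(userflag=False).count(),
    }

    # .get() so that a POST whose files lack 'bannerphoto' shows the form again
    # instead of raising a KeyError.
    bannerphoto = request.FILES.get('bannerphoto') if request.method == 'POST' else None
    if bannerphoto is not None:
        password = request.POST.get('password')

        # NOTE(review): the banner is stored under its client-supplied name with
        # no extension, content-type or size check, and it is written before
        # the account rows exist. A failure below (a duplicate e-mail, say)
        # leaves the file behind. The two creates are also not wrapped in a
        # transaction.
        fs = FileSystemStorage(location='media/shop/banner/')
        filename = fs.save(bannerphoto.name, bannerphoto)
        photoname = fs.generate_filename(filename)

        user = CustomUser.objects.create_user(
            email=request.POST.get('email'),
            phoneno=request.POST.get('phoneno'),
            name=request.POST.get('name'),
            userflag=True,
            password=password,
            verified=True,
        )
        # Presumably redundant if create_user() already hashes the password;
        # kept because the custom manager is not visible here.
        user.set_password(password)
        user.save()

        userprofile = SellerProfile.objects.create(
            user=user,
            shopcategoty=request.POST.get('category'),
            shopname=request.POST.get('shopName'),
            shopaddress=request.POST.get('address'),
            shoplongitude=request.POST.get('longitude'),
            shoplatitude=request.POST.get('latitude'),
            homedelivery=request.POST.get('homedelivery'),
            deliverycharge=request.POST.get('deliverycharge'),
            shopbanner='shop/banner/' + photoname,
        )
        userprofile.save()
        data['message'] = '<div class="alert alert-success" role="alert">Seller Account Created Successfully</div>'

    return render(request, 'adminpanel/sellerregistration.html', data)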
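def landing_page(request):
    """Render the model demo page and, on upload, the prediction for a file.

    A POST carrying a ``file`` upload stores it in deploymodel/datatmp/,
    passes the stored name to ``predict`` and embeds the stored bytes in
    the page as base64. Any other request renders the empty page.
    """
    data = {}
    # .get() so that a POST without a file renders the empty page instead of
    # raising a KeyError.
    upload = request.FILES.get('file') if request.method == "POST" else None
    if upload:
        # NOTE(review): the upload is written to disk and handed to predict()
        # with no check of type or size, and the stored file is never removed,
        # so datatmp/ grows with every request.
        # NOTE(review): the storage location is relative to the process working
        # directory while the read below is anchored at BASE_DIR. The two only
        # agree when the server is started from BASE_DIR. Confirm.
        fs = FileSystemStorage(location='deploymodel/datatmp/')
        filename = fs.save(upload.name, upload)
        photoname = fs.generate_filename(filename)
        data['message'] = predict(photoname)

        stored_path = str(BASE_DIR) + "/deploymodel" + '/datatmp/' + photoname
        with open(stored_path, "rb") as image_file:
            encoded_string = base64.b64encode(image_file.read())
        # The debug print of the whole base64 payload was dropped: it copied
        # every uploaded file into the process output.
        data['image'] = encoded_string.decode('utf-8')
    return render(request, "deploymodel/index.html", data)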
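def addproduct(request):
    """Seller dashboard view that adds a product with its photo.

    A POST carrying a ``photo`` upload stores the file under
    media/shop/product/ and creates a ProductData row owned by the
    requesting seller's profile. The form is rendered in every case, with a
    success message after a creation.
    """
    seller_orders = OrderHistory.objects.filter(sellerid=request.user.id)
    data = {
        'title': 'Dashboard',
        'MEDIA_URL': MEDIA_URL,
        # count() lets the database count instead of loading every row for len().
        'cancelledordersnumber': seller_orders.filter(status='cancelled').count(),
        'pendingordersnumber': seller_orders.filter(status='pending').count(),
        'deliveredordersnumber': seller_orders.filter(status='delivered').count(),
        'totalorders': seller_orders.count(),
        'subid': request.user.seller.shopcategoty,
    }

    # .get() so that a POST without a file shows the form again instead of
    # raising a KeyError.
    photo = request.FILES.get('photo') if request.method == 'POST' else None
    if photo:
        # NOTE(review): the upload is stored under its client-supplied name with
        # no extension, content-type or size check. If media files are served
        # from the application's own origin, validate that this is an image
        # before saving it.
        fs = FileSystemStorage(location='media/shop/product/')
        filename = fs.save(photo.name, photo)
        photoname = fs.generate_filename(filename)

        seller = SellerProfile.objects.get(user_id=request.user.id)
        # NOTE(review): the POST values go to create() as received;
        # objects.create() does not run model validation (full_clean).
        newproduct = ProductData.objects.create(
            name=request.POST.get('name'),
            details=request.POST.get('details'),
            price=request.POST.get('mrp'),
            originofproduct=request.POST.get('origin'),
            available=request.POST.get('available'),
            review=5,
            discount=request.POST.get('discount'),
            subcategory=request.POST.get('subcategory'),
            photo='shop/product/' + photoname,
            seller_id=seller.id,
        )
        newproduct.save()
        data['message'] = '''<div class="alert alert-success" role="alert"> Product Saved Successfully</div>'''

    return render(request, 'seller/addproduct.html', data)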
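def editshop(request):
    """Seller dashboard view that shows and updates the seller's shop profile.

    POST updates name, address and coordinates of ``request.user.seller``,
    replaces the banner when a ``photo`` upload is present, and redirects
    back to the edit page. Any other method renders the form with the
    current values.
    """
    seller_orders = OrderHistory.objects.filter(sellerid=request.user.id)
    data = {
        'title': 'Dashboard',
        'MEDIA_URL': MEDIA_URL,
        # count() lets the database count instead of loading every row for len().
        'cancelledordersnumber': seller_orders.filter(status='cancelled').count(),
        'pendingordersnumber': seller_orders.filter(status='pending').count(),
        'deliveredordersnumber': seller_orders.filter(status='delivered').count(),
        'totalorders': seller_orders.count(),
    }
    profile = request.user.seller

    if request.method == 'POST':
        # .get() so that uploads under another field name leave the banner
        # untouched instead of raising a KeyError.
        photo = request.FILES.get('photo')
        if photo is not None:
            # NOTE(review): stored under the client-supplied name with no
            # extension, content-type or size check. Validate that this is
            # an image before saving it under the media directory.
            fs = FileSystemStorage(location='media/shop/banner/')
            filename = fs.save(photo.name, photo)
            photoname = fs.generate_filename(filename)
            # As before, an empty stored name leaves the banner unchanged.
            if photoname != "":
                profile.shopbanner = 'shop/banner/' + photoname

        profile.shopname = request.POST.get('name')
        profile.shopaddress = request.POST.get('shopaddress')
        profile.shoplatitude = request.POST.get('latitude')
        profile.shoplongitude = request.POST.get('longitude')
        profile.save()
        return redirect('/seller/editshop')

    data['name'] = profile.shopname
    data['shopbanner'] = profile.shopbanner
    data['address'] = profile.shopaddress
    data['longitude'] = profile.shoplongitude
    data['latitude'] = profile.shoplatitude
    return render(request, 'seller/editshop.html', data)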
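def upload_file(request):
    """Store an uploaded picture and create the Post that references it.

    Expects a POST with a ``picture`` file and the fields product_brand,
    product_model, product_price, product_description, category_id and
    currency_id. Responds 201 on success and 400 when the file or a field
    is missing or invalid, or when the category or currency does not exist.
    """
    # NOTE(review): JsonResponse is handed an already-serialised string with
    # safe=False, so the body is a JSON *string* holding JSON text rather than
    # an object. Left unchanged because existing clients may parse it that way.
    # .get() so that a POST without a file gets the 400 instead of a KeyError.
    picture = request.FILES.get('picture') if request.method == 'POST' else None
    if not picture:
        return JsonResponse('{"response": "could not upload file"}', status=400, safe=False)

    # Check every field before the file is written, so that a bad request
    # neither leaves an orphaned upload behind nor surfaces as a 500.
    try:
        brand = request.POST['product_brand']
        model = request.POST['product_model']
        price = int(request.POST['product_price'])
        description = request.POST['product_description']
        category = Category.objects.get(pk=int(request.POST['category_id']))
        currency = Currency.objects.get(pk=int(request.POST['currency_id']))
    except (KeyError, ValueError, Category.DoesNotExist, Currency.DoesNotExist):
        return JsonResponse('{"response": "could not upload file"}', status=400, safe=False)

    # NOTE(review): no authentication check and no check of the upload's type
    # or size is visible in this function. Confirm that both are enforced
    # elsewhere.
    fs = FileSystemStorage()
    stored_name = fs.save(fs.generate_filename(picture.name), picture)
    uploaded_file_url = fs.url(stored_name)
    # The debug prints of the file name, URL and request.POST were dropped:
    # they copied user-submitted data into the process output.

    post = Post()
    post.product_brand = brand
    post.product_model = model
    # NOTE(review): spelled "prodcut_price" in the original. Confirm that it
    # matches the model field, otherwise the price is never persisted.
    post.prodcut_price = price
    post.product_description = description
    post.category = category
    post.currency = currency
    post.publication_date = datetime.now()
    # NOTE(review): hard-coded host over plain http. Prefer building the
    # absolute URL from settings or the request.
    post.thumbnail_url = "http://sugar.pythonanywhere.com" + uploaded_file_url
    post.save()
    return JsonResponse('{"response": "ok"}', status=201, safe=False)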
class DefaultStorageManager(StorageManagerInterface):
    """Storage manager that delegates every operation to a FileSystemStorage."""

    def __init__(self):
        # Created without arguments, so it uses FileSystemStorage's defaults.
        self._fsm = FileSystemStorage()

    def _get_concrete_manager(self):
        """Return a fresh DefaultStorageManager."""
        return DefaultStorageManager()

    def delete(self, name):
        """Delete ``name`` through the wrapped storage."""
        return self._fsm.delete(name)

    def exists(self, name):
        """Report whether ``name`` exists in the wrapped storage."""
        return self._fsm.exists(name)

    def listdir(self, path):
        """List ``path`` through the wrapped storage."""
        return self._fsm.listdir(path)

    def open(self, name, mode='rb'):
        """Open ``name`` through the storage, else straight from the filesystem.

        When the wrapped storage refuses the name with
        SuspiciousFileOperation, the builtin ``open`` is called on the same
        name and mode instead.
        """
        try:
            handle = self._fsm.open(name, mode=mode)
        except SuspiciousFileOperation:
            # NOTE(review): SuspiciousFileOperation is how the storage rejects a
            # name it will not serve. The fallback bypasses that check and
            # opens the name on the local filesystem. Callers must never pass
            # a name derived from untrusted input here. Consider restricting
            # the fallback to an explicit set of allowed directories.
            handle = open(name, mode=mode)
        return handle

    def path(self, name):
        """Return the wrapped storage's filesystem path for ``name``."""
        return self._fsm.path(name)

    def save(self, name, content, max_length=None):
        """Save ``content`` as ``name`` and return what the storage returns."""
        return self._fsm.save(name, content, max_length=max_length)

    def size(self, name):
        """Return the size the wrapped storage reports for ``name``."""
        return self._fsm.size(name)

    def url(self, name):
        """Return the URL the wrapped storage gives for ``name``."""
        return self._fsm.url(name)

    def generate_filename(self, filename):
        """Return the wrapped storage's generated name for ``filename``."""
        return self._fsm.generate_filename(filename)
def store_one_file(filepath, content):
    """Save ``content`` next to ``filepath`` and return the stored path.

    The parent directory of ``filepath`` becomes the storage root and only
    its final component is used as the file name. ``content`` is wrapped in
    a Django ``File`` unless it already is one.
    """
    # NOTE(review): the storage root is taken from the caller's path, so
    # ``filepath`` should never come from untrusted input.
    target = Path(filepath)
    django_file = content if isinstance(content, File) else File(content)
    storage = FileSystemStorage(target.parent)
    requested_name = storage.generate_filename(target.name)
    stored_name = storage.save(requested_name, django_file)
    return Path(storage.path(stored_name))
def store_files(path, *files):
    """Save every file under ``path`` and return the stored paths, in order.

    Each item is first converted with ``as_django_file``. Only the final
    component of its name is kept, so directory parts in an incoming name
    do not influence where the file is written.
    """
    storage = FileSystemStorage(path)
    stored_paths = []
    for django_file in map(as_django_file, files):
        base_name = Path(django_file.name).name
        stored_name = storage.save(storage.generate_filename(base_name), django_file)
        stored_paths.append(Path(storage.path(stored_name)))
    return stored_paths