def file_serve(file_indicator = None): if file_indicator is None: return homepage() ufile = _get_ufile(file_indicator) preview = _get_preview(ufile) fileext = _get_fileext(ufile) # unlock password protection file if funcs.is_admin_login(): ufile.password = '' if ufile.password and request.method == 'POST': password = request.form.get('p-word') if ufile.password == password: ufile.password = '' if ufile.password: preview = 'icon' fileext = 'secret' # is_expired if isinstance(ufile.expire_at, datetime): ufile.is_expired = ufile.expire_at < datetime.utcnow() else: ufile.is_expired = False visitkey = gen_passwd() page_title = ufile.name #beautiful filename pos = ufile.filename.rfind('.') if pos != -1: ufile.beautiful_filename = "%s%s" % (ufile.name, ufile.filename[pos:]) else: ufile.beautiful_filename = ufile.name response = make_response(render_template('file.html', ufile=ufile, preview = preview, fileext = fileext, file_indicator = file_indicator, visitkey=visitkey, edit_page = True, title=page_title)) if not ufile.password and not ufile.is_expired: response.set_cookie(sf_cookie_name(ufile.filename), sf_cookie_val(ufile.filename, visitkey)) else: response.set_cookie(sf_cookie_name(ufile.filename), "") return response
def edit_file(file_indicator = None): if request.method == 'GET' and file_indicator is None: return homepage() if not funcs.is_admin_login(): abort(403) ufile = None if request.method == 'POST': try: ufile = UFile.query.filter(UFile.id == int(request.form.get('file_id'))).first() except: ufile = None if not ufile: abort(403) err = False name = Markup(request.form.get('name')).striptags().strip() if not name: err = True flash('Title is empty or contains illegal characters.') else: ufile.name = name url = re.sub('[^%a-zA-Z0-9_\-\.]', '', request.form.get('url')).strip('-') if not url: err = True flash('URL is empty or contains illegal characters.') else: ufile.url = url if UFile.query.filter(UFile.url == 'url').count() > 0: err = True flash('URL has already existed.') ufile.password = request.form.get('password').strip() if not ufile.password: ufile.password = None ufile.description = request.form.get('description').strip() if not ufile.description: ufile.description = None try: expire_delta = int(request.form.get('expire_delta')) except: expire_delta = -1 if expire_delta == -1: pass else: if expire_delta == 0: ufile.expire_at = None else: ufile.expire_at = datetime.utcnow()+timedelta(hours=expire_delta) for item in ['linkable', 'download', 'homeshow']: if request.form.get(item) == 'yes': setattr(ufile, item, True) else: setattr(ufile, item, False) if not err: db_session.add(ufile) try: db_session.commit() return redirect(url_for('file_serve',file_indicator=url)) except: flash('Failed to update database.') if ufile is None: ufile = _get_ufile(file_indicator) preview = _get_preview(ufile) fileext = _get_fileext(ufile) visitkey = gen_passwd() page_title = "Edit \"%s\"" % ufile.name if ufile.description is None: ufile.description = '' if ufile.password is None: ufile.password = '' response = make_response(render_template('edit.html', ufile=ufile, preview = preview, fileext = fileext, file_indicator = file_indicator, visitkey=visitkey, edit_page = False, title=page_title)) response.set_cookie(sf_cookie_name(ufile.filename), sf_cookie_val(ufile.filename, visitkey)) return response