Пример #1
 def test_storage_dangerous_paths_dir_name(self):
     """A name whose directory part contains ``..`` must be rejected.

     Both ``get_available_name()`` and ``generate_filename()`` are expected
     to raise ``SuspiciousFileOperation`` and to quote the offending
     directory (``/tmp/..``) in the message.
     """
     storage = FileSystemStorage()
     expected = "Detected path traversal attempt in '/tmp/..'"
     # The same input is fed to both name-producing entry points, in the
     # same order as before.
     for derive_name in (storage.get_available_name, storage.generate_filename):
         with self.assertRaisesMessage(SuspiciousFileOperation, expected):
             derive_name('/tmp/../path')
Пример #2
 def test_storage_dangerous_paths(self):
     """Names that leave no usable base name must be rejected.

     For each input, ``get_available_name()`` and ``generate_filename()``
     are expected to raise ``SuspiciousFileOperation`` with a message that
     quotes the base name left after the directory part is split off.
     """
     storage = FileSystemStorage()
     # Rejected input -> base name quoted in the error message.
     rejected = {
         '/tmp/..': '..',
         '/tmp/.': '.',
         '': '',
     }
     for file_name, base_name in rejected.items():
         expected = "Could not derive file name from '%s'" % base_name
         with self.subTest(file_name=file_name):
             for derive_name in (storage.get_available_name, storage.generate_filename):
                 with self.assertRaisesMessage(SuspiciousFileOperation, expected):
                     derive_name(file_name)
Пример #3
 def test_storage_dangerous_paths_dir_name(self):
     """Relative, absolute and backslash-separated traversal is rejected.

     Each input carries ``..`` in its directory part. Both
     ``get_available_name()`` and ``generate_filename()`` are expected to
     raise ``SuspiciousFileOperation`` quoting that directory.
     """
     storage = FileSystemStorage()
     # (input name, directory quoted in the error). The backslash variants
     # are expected to be reported with forward slashes.
     cases = (
         ("tmp/../path", "tmp/.."),
         ("tmp\\..\\path", "tmp/.."),
         ("/tmp/../path", "/tmp/.."),
         ("\\tmp\\..\\path", "/tmp/.."),
     )
     for file_name, reported_dir in cases:
         expected = "Detected path traversal attempt in '%s'" % reported_dir
         with self.subTest(file_name=file_name):
             for derive_name in (storage.get_available_name, storage.generate_filename):
                 with self.assertRaisesMessage(SuspiciousFileOperation, expected):
                     derive_name(file_name)
Пример #4
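def picupdate(request):
    """Replace the photo of one of the current seller's products.

    The product is selected by the ``q`` query parameter and must belong to
    the seller profile of ``request.user``. A POST carrying a ``photo`` file
    stores the upload under ``media/shop/product/`` and points the product
    at it; any other request renders the product's current name and photo.
    Any exception raised while handling the request yields a generic error
    page.
    """
    own_orders = OrderHistory.objects.filter(sellerid=request.user.id)
    data = {
        'title': 'Dashboard',
        'MEDIA_URL': MEDIA_URL,
        # .count() asks the database for the number instead of loading rows.
        'cancelledordersnumber': own_orders.filter(status='cancelled').count(),
        'pendingordersnumber': own_orders.filter(status='pending').count(),
        'deliveredordersnumber': own_orders.filter(status='delivered').count(),
        'totalorders': own_orders.count(),
    }
    try:
        product_id = request.GET.get('q')
        product = ProductData.objects.get(id=int(product_id))
        seller = SellerProfile.objects.get(user_id=request.user.id)
        # Ownership check: only the seller who owns the product may edit it.
        if product.seller_id != seller.id:
            return HttpResponse('<h1>Fail To Update! Contact with SupportTeam</h1>')

        photo = request.FILES.get('photo') if request.method == 'POST' else None
        if photo:
            # NOTE(review): the upload's type, extension and size are not
            # checked in this view; confirm validation happens elsewhere
            # before files under media/ are served back to browsers.
            fs = FileSystemStorage(location='media/shop/product/')
            # Sanitise the client-supplied name *before* saving. save() does
            # not run get_valid_name(), so sanitising afterwards could record
            # a name that differs from the file actually written. save()
            # returns the name it really used, which is what gets stored.
            stored_name = fs.save(fs.generate_filename(photo.name), photo)
            product.photo = 'shop/product/' + stored_name
            product.save()
            data['message'] = '''<div class="alert alert-success" role="alert">
            Picture Updated Successfully</div>'''
            data['allproducts'] = ProductData.objects.filter(
                seller_id=seller.id).order_by('id')
            return render(request, 'seller/update.html', data)

        data['name'] = product.name
        data['picurl'] = product.photo
        return render(request, 'seller/picupdate.html', data)
    except Exception:
        # A bare ``except:`` would also trap SystemExit/KeyboardInterrupt.
        return HttpResponse('<h1>Some Error Occured ! Please Retry</h1>')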
Пример #5
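    def post(self, request):
        """Create a product from a multipart upload.

        Expects a ``file`` upload plus the form fields ``name``, ``origin``,
        ``details``, ``mrp``, ``discount``, ``subcategory`` and
        ``available``. Responds 201 on success, 500 when anything in the
        handler raises, and 401 when ``request.user.userflag`` is falsy.
        """
        if not request.user.userflag:
            return Response(status=status.HTTP_401_UNAUTHORIZED)
        try:
            photo = request.FILES['file']
            # NOTE(review): the upload's type, extension and size are not
            # checked here; confirm validation happens elsewhere before
            # files under media/ are served back to browsers.
            fs = FileSystemStorage(location='media/shop/product/')
            # Kept from the original: spaces and underscores are dropped
            # from the client-supplied name.
            requested_name = photo.name.replace(" ", "").replace("_", "")
            # Sanitise *before* saving. save() does not run get_valid_name(),
            # so sanitising afterwards could record a name that differs from
            # the file actually written. save() returns the name it used.
            stored_name = fs.save(fs.generate_filename(requested_name), photo)

            form = request.POST
            newproduct = ProductData.objects.create(
                name=form.get('name'),
                details=form.get('details'),
                price=form.get('mrp'),
                originofproduct=form.get('origin'),
                available=form.get('available'),
                review=5,
                discount=form.get('discount'),
                subcategory=form.get('subcategory'),
                photo='shop/product/' + stored_name,
                seller_id=SellerProfile.objects.get(
                    user_id=request.user.id).id)
            newproduct.save()
            return Response(status=status.HTTP_201_CREATED)
        except Exception:
            # A bare ``except:`` would also trap SystemExit/KeyboardInterrupt.
            return Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR)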
Пример #6
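def sellerregistration(request):
    """Render the seller registration page and create a seller on POST.

    A POST that carries a ``bannerphoto`` upload creates a ``CustomUser``
    with ``userflag=True`` and ``verified=True`` plus its ``SellerProfile``,
    stores the banner under ``media/shop/banner/`` and re-renders the page
    with a success message. Every other request just renders the page with
    the order and profile counters.
    """
    # NOTE(review): no permission check is visible in this function, and it
    # creates pre-verified accounts; confirm the route is restricted to
    # administrators (e.g. by a decorator or URL-level guard).
    non_admin_users = CustomUser.objects.filter(is_superuser=False)
    data = {
        # .count() asks the database for the number instead of loading rows.
        'pendingcount': OrderHistory.objects.filter(status='pending').count(),
        'deliverycount': OrderHistory.objects.filter(status='delivered').count(),
        'cancelledcount': OrderHistory.objects.filter(status='cancelled').count(),
        'sellerprofilescount': non_admin_users.filter(userflag=True).count(),
        'buyerprofilescount': non_admin_users.filter(userflag=False).count(),
    }
    # Require the banner itself: a POST with some other file field used to
    # fail with a missing-key error on request.FILES['bannerphoto'].
    if request.method == 'POST' and 'bannerphoto' in request.FILES:
        form = request.POST
        password = form.get('password')
        bannerphoto = request.FILES['bannerphoto']
        # NOTE(review): the upload's type, extension and size are not
        # checked here; confirm validation happens elsewhere.
        fs = FileSystemStorage(location='media/shop/banner/')
        # Sanitise the client-supplied name *before* saving. save() does not
        # run get_valid_name(), so sanitising afterwards could record a name
        # that differs from the file actually written.
        stored_name = fs.save(fs.generate_filename(bannerphoto.name), bannerphoto)
        user = CustomUser.objects.create_user(
            email=form.get('email'),
            phoneno=form.get('phoneno'),
            name=form.get('name'),
            userflag=True,
            password=password,
            verified=True,
        )
        user.set_password(password)
        user.save()
        userprofile = SellerProfile.objects.create(
            user=user,
            shopcategoty=form.get('category'),
            shopname=form.get('shopName'),
            shopaddress=form.get('address'),
            shoplongitude=form.get('longitude'),
            shoplatitude=form.get('latitude'),
            homedelivery=form.get('homedelivery'),
            deliverycharge=form.get('deliverycharge'),
            shopbanner='shop/banner/' + stored_name,
        )
        userprofile.save()
        data['message'] = '<div class="alert alert-success" role="alert">Seller Account Created Successfully</div>'
    return render(request, 'adminpanel/sellerregistration.html', data)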
Пример #7
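def landing_page(request):
    """Render the landing page; on an image upload, add a prediction.

    A POST with a ``file`` upload stores the file under
    ``deploymodel/datatmp/``, passes the stored name to ``predict()`` and
    puts both the result (``message``) and the base64-encoded file
    (``image``) into the template context.
    """
    data = {}
    # .get() lets a POST without a file fall through to the plain page
    # instead of failing on a missing key.
    upload = request.FILES.get('file') if request.method == "POST" else None
    if upload:
        # NOTE(review): the upload's type and size are not checked, the
        # whole file is read into memory below, and nothing in this function
        # deletes it from datatmp afterwards; confirm limits and clean-up
        # exist elsewhere.
        fs = FileSystemStorage(location='deploymodel/datatmp/')
        # Sanitise the client-supplied name *before* saving and keep the
        # name save() returns, so predict() and open() below refer to the
        # file that was actually written.
        stored_name = fs.save(fs.generate_filename(upload.name), upload)
        data['message'] = predict(stored_name)
        stored_path = str(BASE_DIR) + "/deploymodel" + '/datatmp/' + stored_name
        with open(stored_path, "rb") as image_file:
            # The encoded image is no longer printed to stdout: it flooded
            # the log with the full content of every upload.
            data['image'] = base64.b64encode(image_file.read()).decode('utf-8')
    return render(request, "deploymodel/index.html", data)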
Пример #8
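def addproduct(request):
    """Render the add-product page and create a product on POST.

    A POST carrying a ``photo`` upload stores it under
    ``media/shop/product/``, creates a ``ProductData`` row owned by the
    current user's seller profile and re-renders the page with a success
    message. Any other request just renders the page.
    """
    own_orders = OrderHistory.objects.filter(sellerid=request.user.id)
    data = {
        'title': 'Dashboard',
        'MEDIA_URL': MEDIA_URL,
        # .count() asks the database for the number instead of loading rows.
        'cancelledordersnumber': own_orders.filter(status='cancelled').count(),
        'pendingordersnumber': own_orders.filter(status='pending').count(),
        'deliveredordersnumber': own_orders.filter(status='delivered').count(),
        'totalorders': own_orders.count(),
        'subid': request.user.seller.shopcategoty,
    }
    # .get() lets a POST without a photo fall through to the plain page
    # instead of failing on a missing key.
    photo = request.FILES.get('photo') if request.method == 'POST' else None
    if photo:
        # NOTE(review): the upload's type, extension and size are not
        # checked here; confirm validation happens elsewhere before files
        # under media/ are served back to browsers.
        fs = FileSystemStorage(location='media/shop/product/')
        # Sanitise the client-supplied name *before* saving. save() does not
        # run get_valid_name(), so sanitising afterwards could record a name
        # that differs from the file actually written.
        stored_name = fs.save(fs.generate_filename(photo.name), photo)
        form = request.POST
        newproduct = ProductData.objects.create(
            name=form.get('name'),
            details=form.get('details'),
            price=form.get('mrp'),
            originofproduct=form.get('origin'),
            available=form.get('available'),
            review=5,
            discount=form.get('discount'),
            subcategory=form.get('subcategory'),
            photo='shop/product/' + stored_name,
            seller_id=SellerProfile.objects.get(user_id=request.user.id).id
        )
        newproduct.save()
        data['message'] = '''<div class="alert alert-success" role="alert">
            Product Saved Successfully</div>'''
    return render(request, 'seller/addproduct.html', data)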
Пример #9
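def editshop(request):
    """Show or update the current seller's shop details.

    On POST the shop name, address and coordinates are overwritten from the
    form, an optional ``photo`` upload replaces the banner, and the client
    is redirected back to ``/seller/editshop``. Any other request renders
    the edit form pre-filled from ``request.user.seller``.
    """
    profile = request.user.seller

    if request.method != 'POST':
        own_orders = OrderHistory.objects.filter(sellerid=request.user.id)
        data = {
            'title': 'Dashboard',
            'MEDIA_URL': MEDIA_URL,
            # .count() asks the database for the number instead of loading rows.
            'cancelledordersnumber': own_orders.filter(status='cancelled').count(),
            'pendingordersnumber': own_orders.filter(status='pending').count(),
            'deliveredordersnumber': own_orders.filter(status='delivered').count(),
            'totalorders': own_orders.count(),
            'name': profile.shopname,
            'shopbanner': profile.shopbanner,
            'address': profile.shopaddress,
            'longitude': profile.shoplongitude,
            'latitude': profile.shoplatitude,
        }
        return render(request, 'seller/editshop.html', data)

    profile.shopname = request.POST.get('name')
    profile.shopaddress = request.POST.get('shopaddress')
    profile.shoplatitude = request.POST.get('latitude')
    profile.shoplongitude = request.POST.get('longitude')

    # .get() keeps a POST that carries some other file field from failing on
    # a missing 'photo' key; the banner is left untouched in that case.
    photo = request.FILES.get('photo')
    if photo:
        # NOTE(review): the upload's type, extension and size are not
        # checked here; confirm validation happens elsewhere.
        fs = FileSystemStorage(location='media/shop/banner/')
        # Sanitise the client-supplied name *before* saving. save() does not
        # run get_valid_name(), so sanitising afterwards could record a name
        # that differs from the file actually written.
        stored_name = fs.save(fs.generate_filename(photo.name), photo)
        profile.shopbanner = 'shop/banner/' + stored_name

    profile.save()
    return redirect('/seller/editshop')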
Пример #10
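def upload_file(request):
    """Store an uploaded picture and create a ``Post`` that references it.

    Expects a POST with a ``picture`` upload and the form fields
    ``product_brand``, ``product_model``, ``product_price``,
    ``product_description``, ``category_id`` and ``currency_id``. Returns
    201 with ``{"response": "ok"}`` on success and 400 when the request is
    not a POST or carries no picture.
    """
    # .get() makes a POST without a picture reach the 400 response below;
    # indexing request.FILES raised on the missing key instead.
    picture = request.FILES.get('picture') if request.method == 'POST' else None
    if not picture:
        return JsonResponse('{"response": "could not upload file"}',
                            status=400,
                            safe=False)

    # NOTE(review): no authentication check and no validation of the
    # upload's type or size are visible in this function; confirm both are
    # enforced elsewhere.
    # Upload the picture first. The name is sanitised before saving, so the
    # name save() returns is the name of the file actually written.
    fs = FileSystemStorage()
    print(picture.name)
    stored_name = fs.save(fs.generate_filename(picture.name), picture)
    print("FILE NAME: " + stored_name)
    uploaded_file_url = fs.url(stored_name)
    print("FILE URL: " + uploaded_file_url)

    # NOTE(review): this dumps the whole submitted form to stdout; consider
    # dropping it or moving it to debug-level logging.
    print(request.POST)

    # Save the post to the database.
    # NOTE(review): a missing or non-numeric field raises below, after the
    # file has already been written, leaving an orphaned upload behind.
    post = Post()
    post.product_brand = request.POST['product_brand']
    post.product_model = request.POST['product_model']
    # NOTE(review): "prodcut_price" looks like a typo for "product_price";
    # left unchanged because the model definition is not visible here.
    post.prodcut_price = int(request.POST['product_price'])
    post.product_description = request.POST['product_description']
    post.category = Category.objects.get(
        pk=int(request.POST['category_id']))
    post.currency = Currency.objects.get(
        pk=int(request.POST['currency_id']))
    post.publication_date = datetime.now()
    # NOTE(review): hard-coded plain-http host; presumably this should come
    # from settings and use https. Confirm before changing.
    post.thumbnail_url = "http://sugar.pythonanywhere.com" + uploaded_file_url

    post.save()

    return JsonResponse('{"response": "ok"}', status=201, safe=False)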
Пример #11
class DefaultStorageManager(StorageManagerInterface):
    """Storage manager that delegates every call to a ``FileSystemStorage``.

    ``open()`` is the one method that does more than delegate: see its
    docstring for the fallback it applies.
    """

    def __init__(self):
        # Built with no arguments, so the storage uses its default settings.
        self._fsm = FileSystemStorage()

    def _get_concrete_manager(self):
        """Return a fresh ``DefaultStorageManager``."""
        return DefaultStorageManager()

    def delete(self, name):
        """Delegate to the wrapped storage's ``delete``."""
        return self._fsm.delete(name)

    def exists(self, name):
        """Delegate to the wrapped storage's ``exists``."""
        return self._fsm.exists(name)

    def listdir(self, path):
        """Delegate to the wrapped storage's ``listdir``."""
        return self._fsm.listdir(path)

    def open(self, name, mode='rb'):
        """Open *name* through the storage, else with the builtin ``open``.

        If the storage raises ``SuspiciousFileOperation`` for *name*, the
        same name is opened directly with the builtin ``open()``.
        """
        # NOTE(review): the fallback bypasses the storage's path confinement.
        # A name the storage rejected as suspicious is opened from the local
        # filesystem as-is, in whatever mode was requested. Callers must only
        # pass trusted names, or the fallback should be limited to an
        # explicit set of allowed directories.
        try:
            handle = self._fsm.open(name, mode=mode)
        except SuspiciousFileOperation:
            handle = open(name, mode=mode)
        return handle

    def path(self, name):
        """Delegate to the wrapped storage's ``path``."""
        return self._fsm.path(name)

    def save(self, name, content, max_length=None):
        """Delegate to the wrapped storage's ``save``."""
        return self._fsm.save(name, content, max_length=max_length)

    def size(self, name):
        """Delegate to the wrapped storage's ``size``."""
        return self._fsm.size(name)

    def url(self, name):
        """Delegate to the wrapped storage's ``url``."""
        return self._fsm.url(name)

    def generate_filename(self, filename):
        """Delegate to the wrapped storage's ``generate_filename``."""
        return self._fsm.generate_filename(filename)
Пример #12
def store_one_file(filepath, content):
    """Save *content* into the directory of *filepath* and return its path.

    *content* is wrapped in ``File`` unless it already is one. The file name
    part of *filepath* goes through ``generate_filename()`` before saving,
    and the returned ``Path`` is built from the name ``save()`` reports.
    """
    target = Path(filepath)
    if not isinstance(content, File):
        content = File(content)
    # The storage is rooted at the target's parent directory.
    storage = FileSystemStorage(target.parent)
    safe_name = storage.generate_filename(target.name)
    stored_name = storage.save(safe_name, content)
    return Path(storage.path(stored_name))
Пример #13
def store_files(path, *files):
    """Save each of *files* under *path* and return the written paths.

    Every item is first converted with ``as_django_file``. Only the last
    component of its ``name`` is used, and that goes through
    ``generate_filename()`` before saving. The result lists one ``Path``
    per file, in input order.
    """
    storage = FileSystemStorage(path)
    written = []
    for django_file in map(as_django_file, files):
        # Path(...).name drops any directory part of the supplied name.
        base_name = Path(django_file.name).name
        stored_name = storage.save(storage.generate_filename(base_name), django_file)
        written.append(Path(storage.path(stored_name)))
    return written