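def upload(request, project_id):
    """Handle the project file-upload form.

    Any non-POST request renders a blank ``ProjectFileForm``. A POST with a
    valid form stores the uploaded file through ``store_uploaded_file``,
    records its name and path in ``taskManager_file`` and redirects to
    ``/taskManager/<project_id>/``. A POST with an invalid form re-renders
    a blank form.

    Args:
        request: The incoming Django request.
        project_id: Primary key of the target project. It is concatenated
            into the redirect path, so presumably a str taken from the URL;
            confirm against the URLconf.

    Returns:
        A redirect on success, otherwise the rendered upload page.
    """
    if request.method == 'POST':
        # Raises for an unknown id; the instance is not used further below.
        # NOTE(review): nothing in this view checks that request.user is
        # assigned to the project -- confirm access control is enforced
        # elsewhere before relying on it.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)

        if form.is_valid():
            name = request.POST.get('name', False)
            upload_path = store_uploaded_file(name, request.FILES['file'])

            # A1 - Injection (SQLi): name and project_id come from the
            # request, and upload_path is returned by a helper that was given
            # name, so all three are passed as bound parameters and never
            # formatted into the statement text.
            # An ORM insert (File(name=name, path=upload_path, project=proj))
            # would avoid raw SQL altogether if the File model is importable
            # here.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file ('name','path','project_id') "
                "values (%s, %s, %s)",
                (name, upload_path, project_id))

            return redirect('/taskManager/' + project_id + '/',
                            {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()

    return render_to_response(
        'taskManager/upload.html', {'form': form}, RequestContext(request))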
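def upload(request, project_id):
    """Process a file upload for the given project.

    A valid POST saves the file with ``store_uploaded_file``, inserts a row
    into ``taskManager_file`` and redirects to ``/taskManager/<project_id>/``.
    Every other request (non-POST, or a POST whose form does not validate)
    gets the upload page with a blank ``ProjectFileForm``.

    Args:
        request: The incoming Django request.
        project_id: Primary key of the target project; joined into the
            redirect path with ``+``, so presumably a str -- confirm against
            the URLconf.

    Returns:
        A redirect after a successful upload, otherwise the rendered page.
    """
    if request.method == 'POST':
        # The lookup raises when the project does not exist.
        # NOTE(review): there is no per-user authorization check on the
        # project in this view -- verify it is enforced by a decorator or
        # middleware.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)

        if form.is_valid():
            name = request.POST.get('name', False)
            upload_path = store_uploaded_file(name, request.FILES['file'])

            # A1 - Injection (SQLi): request-derived values must reach the
            # database as bound parameters. Formatting them into the SQL
            # text with % lets a crafted name terminate the quoted literal
            # and alter the statement.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file ('name','path','project_id') "
                "values (%s, %s, %s)",
                (name, upload_path, project_id))

            return redirect('/taskManager/' + project_id + '/',
                            {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()

    return render_to_response('taskManager/upload.html',
                              {'form': form},
                              RequestContext(request))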
def upload(request, project_id):
    """Accept a file upload for a project the current user is assigned to.

    Non-POST requests, invalid forms and users who are not in the project's
    ``users_assigned`` set all receive the upload page with a blank form.
    Otherwise the file is saved through ``store_uploaded_file``, a row is
    inserted into ``taskManager_file`` and the client is redirected to the
    project details page.
    """
    accepted = False
    if request.method == 'POST':
        project = Project.objects.get(pk=project_id)
        submitted = ProjectFileForm(request.POST, request.FILES)
        # Validate first; the membership query only runs for a valid form.
        if submitted.is_valid():
            accepted = project.users_assigned.filter(
                id=request.user.id).exists()

    if not accepted:
        blank_form = ProjectFileForm()
        return render(request, 'taskManager/upload.html', {'form': blank_form})

    file_name = request.POST.get('name', False)
    stored_at = store_uploaded_file(file_name, request.FILES['file'])

    # Record the upload; the values are bound by the driver rather than
    # formatted into the statement.
    insert_sql = "insert into taskManager_file ('name','path','project_id') values ( %s, %s, %s)"
    cursor = connection.cursor()
    cursor.execute(insert_sql, (file_name, stored_at, project_id))

    destination = '/taskManager/' + project_id + '/project_details/'
    return redirect(destination, {'new_file_added': True})
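def upload(request, project_id):
    """Attach a file to a project, uploaded directly or fetched from a URL.

    Non-POST requests, invalid forms and users not assigned to the project
    get the upload page with a blank form. For an accepted POST:

    * with a non-empty ``url`` field, the URL is fetched server-side; a
      response whose Content-Type contains "image" is stored through
      ``store_url_data``, anything else re-renders the page with a warning;
    * otherwise the uploaded file is stored through ``store_uploaded_file``.

    A stored file is recorded in ``taskManager_file`` and the client is
    redirected to the project details page.

    Args:
        request: The incoming Django request.
        project_id: Primary key of the target project; joined into the
            redirect path with ``+``, so presumably a str -- confirm against
            the URLconf.

    Returns:
        A redirect after a successful upload, otherwise the rendered page.
    """
    # Lazy %-args: the message is only formatted if the record is emitted.
    logger.info('User %s upload %s', request.user.username, project_id)

    if request.method == 'POST':
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)

        # Per the original author's note, the form only validates when a
        # file is attached, even for an upload by URL.
        if form.is_valid() and proj.users_assigned.filter(
                id=request.user.id).exists():
            name = request.POST.get('name', False)
            url = request.POST.get('url', False)

            # A missing or empty url means a plain file upload. Comparing
            # the value with None never selected that branch, because the
            # lookup defaults to False.
            if url:
                # NOTE(review): url is user-supplied and fetched from the
                # server with no destination restriction (SSRF). Before this
                # ships, allow only http/https, resolve the host and reject
                # loopback, link-local and private ranges, re-validate on
                # redirects, and prefer an allowlist of hosts. The
                # "security-credentials" substring test below is not a
                # control.
                try:
                    response = requests.get(url, timeout=15)
                except requests.RequestException:
                    # Unreachable host, bad scheme, timeout: report it
                    # instead of surfacing a server error page.
                    messages.warning(request, "Error in URL Upload")
                    return render(request, 'taskManager/upload.html',
                                  {'form': ProjectFileForm()})

                _file = response.content
                # The header is set by the remote server, so it is not
                # evidence that the body is an image; it may also be absent.
                content_type = response.headers.get("Content-Type", "")

                if "image" in content_type:
                    upload_path = store_url_data(url, _file)
                else:
                    messages.warning(request, "Error in URL Upload")
                    # NOTE(review): this returns the fetched body to the
                    # client, which exposes whatever the server could reach;
                    # consider not echoing it at all.
                    # Decode only when the body is going to be shown, and
                    # tolerate non-UTF-8 bytes.
                    if "security-credentials" in url:
                        data = "Good effort but we can't give you everything!"
                    else:
                        data = _file.decode("utf-8", errors="replace")
                    return render(request, 'taskManager/upload.html',
                                  {'data': data, 'name': name, 'url': url})
            else:
                upload_path = store_uploaded_file(name, request.FILES['file'])

            # Insert file details into the database with bound parameters.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file (name,path,project_id) values (%s, %s, %s)",
                (name, upload_path, project_id))

            return redirect('/taskManager/' + project_id + '/project_details/',
                            {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()

    return render(request, 'taskManager/upload.html', {'form': form})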