From 58be0d9e3be14f00afd7de061b9a3e1908eead91 Mon Sep 17 00:00:00 2001
From: jakobsn <jakob_sn_@hotmail.com>
Date: Tue, 12 Nov 2019 15:25:29 +0100
Subject: [PATCH] Correctly upload to task folder

---
 src/app/templates/project.html | 19 ++++++++++++-------
 src/app/views/project.py       | 26 ++++++++++++++++++--------
 2 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/src/app/templates/project.html b/src/app/templates/project.html
index 721db8d..24fce68 100644
--- a/src/app/templates/project.html
+++ b/src/app/templates/project.html
@@ -20,14 +20,19 @@ $def with (nav, project, tasks)
 
         <ul>
             $for task in tasks:
-                <li id="$task[0]">$task</li>
+                <li id="$task[0]">$task 
+                    <br>                
+                    <form method="POST" enctype="multipart/form-data" action="">
+                        <input type="file" name="myfile" />
+                        <br/>
+                        <input type="hidden" name="taskid" value="$task[0]"/>
+                        <input type="submit" name="submit"/>
+                    </form>
+                </li>
         </ul>
 
-        
-        <form method="POST" enctype="multipart/form-data" action="">
-            <input type="file" name="myfile" />
-            <br/>
-            <input type="submit" />
-        </form>
+        <img src="static/honeybee.png" alt="Honeybee">
+
+
             
 </body>
\ No newline at end of file
diff --git a/src/app/views/project.py b/src/app/views/project.py
index ce655f0..b218226 100644
--- a/src/app/views/project.py
+++ b/src/app/views/project.py
@@ -3,6 +3,7 @@ import models.project
 from views.utils import get_nav_bar
 import cgi, os
 import cgitb; cgitb.enable()
+from time import sleep
 
 # Get html templates
 render = web.template.render('templates/')
@@ -40,15 +41,23 @@ class Project:
         # Test if the file was uploaded
         if fileitem.filename:
             data = web.input(projectid=0)
-            # strip leading path from file name to avoid 
-            # directory traversal attacks
-            fn = os.path.basename(fileitem.filename)
 
-            if not os.path.isdir(('static/project' + data.projectid)):
-                command = 'mkdir static/project' + data.projectid
+            fn = fileitem.filename
+            print(data)
+            # Create the project directory if it doesnt exist
+            path = 'static/project' + data.projectid
+            if not os.path.isdir(path):
+                command = 'mkdir ' + path
                 os.popen(command)
-
-            open('static/project' + data.projectid + '/' + fn, 'wb').write(fileitem.file.read())
+                sleep(0.5)
+            path = path + '/task' + data.taskid
+            print(path)
+            if not os.path.isdir(path):
+                print(data.taskid)
+                command = 'mkdir ' + path
+                os.popen(command)
+                sleep(0.5)
+            open(path + '/' + fn, 'wb').write(fileitem.file.read())
             message = 'The file "' + fn + '" was uploaded successfully'
             
         else:
@@ -56,4 +65,5 @@ class Project:
         
         print (message)
 
-        raise web.seeother('/project')
+        raise web.seeother(('/project?projectid=' + data.projectid))
+