6 yıl önce · 724a61a5d4
--- a/src/app/.gitignore
+++ b/src/app/.gitignore
@@ -0,0 +1 @@
 static/project*
--- a/src/app/templates/project.html
+++ b/src/app/templates/project.html
@@ -23,4 +23,11 @@ $def with (nav, project, tasks)
                <li id="$task[0]">$task</li>
        </ul>

        
        <form method="POST" enctype="multipart/form-data" action="">
            <input type="file" name="myfile" />
            <br/>
            <input type="submit" />
        </form>
            
 </body>
--- a/src/app/views/project.py
+++ b/src/app/views/project.py
@@ -1,6 +1,8 @@
 import web
 import models.project
 from views.utils import get_nav_bar
 import cgi, os
 import cgitb; cgitb.enable()

 # Get html templates
 render = web.template.render('templates/')
@@ -26,5 +28,32 @@ class Project:
            tasks = models.project.get_tasks_by_project_id(data.projectid)
        else:
            project = [[]]
            tasks = [[]]
        
        return render.project(nav, project[0], tasks)

    def POST(self):
        data = web.input(myfile={})

        fileitem = data['myfile']
        
        # Test if the file was uploaded
        if fileitem.filename:
            data = web.input(projectid=0)
            # strip leading path from file name to avoid 
            # directory traversal attacks
            fn = os.path.basename(fileitem.filename)

            if not os.path.isdir(('static/project' + data.projectid)):
                command = 'mkdir static/project' + data.projectid
                os.popen(command)

            open('static/project' + data.projectid + '/' + fn, 'wb').write(fileitem.file.read())
            message = 'The file "' + fn + '" was uploaded successfully'
            
        else:
            message = 'No file was uploaded'
        
        print (message)

        raise web.seeother('/project')