From 724a61a5d401696ef8ae8875f508a915d8761fc6 Mon Sep 17 00:00:00 2001 From: jakobsn Date: Tue, 12 Nov 2019 14:36:43 +0100 Subject: [PATCH] Support file upload --- src/app/.gitignore | 1 + src/app/templates/project.html | 7 +++++++ src/app/views/project.py | 29 +++++++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 src/app/.gitignore diff --git a/src/app/.gitignore b/src/app/.gitignore new file mode 100644 index 0000000..fc5a244 --- /dev/null +++ b/src/app/.gitignore @@ -0,0 +1 @@ +static/project* diff --git a/src/app/templates/project.html b/src/app/templates/project.html index 42500e4..721db8d 100644 --- a/src/app/templates/project.html +++ b/src/app/templates/project.html @@ -23,4 +23,11 @@ $def with (nav, project, tasks)
  • $task
    • + +
    + +
    + +
    + \ No newline at end of file diff --git a/src/app/views/project.py b/src/app/views/project.py index 979c48e..ce655f0 100644 --- a/src/app/views/project.py +++ b/src/app/views/project.py @@ -1,6 +1,8 @@ import web import models.project from views.utils import get_nav_bar +import cgi, os +import cgitb; cgitb.enable() # Get html templates render = web.template.render('templates/') @@ -26,5 +28,32 @@ class Project: tasks = models.project.get_tasks_by_project_id(data.projectid) else: project = [[]] + tasks = [[]] return render.project(nav, project[0], tasks) + + def POST(self): + data = web.input(myfile={}) + + fileitem = data['myfile'] + + # Test if the file was uploaded + if fileitem.filename: + data = web.input(projectid=0) + # strip leading path from file name to avoid + # directory traversal attacks + fn = os.path.basename(fileitem.filename) + + if not os.path.isdir(('static/project' + data.projectid)): + command = 'mkdir static/project' + data.projectid + os.popen(command) + + open('static/project' + data.projectid + '/' + fn, 'wb').write(fileitem.file.read()) + message = 'The file "' + fn + '" was uploaded successfully' + + else: + message = 'No file was uploaded' + + print (message) + + raise web.seeother('/project')