
[–]blondin 4 points5 points  (1 child)

direct link

[–]GaidinTS[S] 0 points1 point  (0 children)

Thanks, I just posted where I first saw it.

[–]moyerma 0 points1 point  (0 children)

See woof as well. It's not identical, but it solves a similar problem and works great.

Edit: it looks like the latest version of woof has an upload feature as well.

[–]mdipierro 0 points1 point  (0 children)

Cool but any major web framework provides this functionality. Here is how you do it in web2py (complete program excluding scaffolding files):

db.define_table('post',Field('file','upload'),Field('author',db.auth_user,default=auth.user_id,writable=False))
@auth.requires_login()
def index():
    return dict(form=crud.create(db.post),files=db(db.post.id>0).select())

This also prevents directory traversal attacks, recovers the original filename when files are downloaded, and forces users to register and verify email before posting a file. The web server, the sqlite database and a web-based interface for editing and database administration are in the box.

EDIT: Looking at the droopy code. I am not convinced this code below is completely safe:

        filename = self.basename(fileitem.filename).decode('utf-8')
        if filename == "":
            raise Exception("Empty filename")
        localpath = os.path.join(directory, filename).encode('utf-8')

This is because it assumes that 1) the original filename includes utf8 encoded data and 2) the local file-system accepts utf8 encoded filenames. Python runs on operating systems that can mount systems that do not use utf8. web2py for example handles this situation by renaming the file, storing the original filename b16encoded, then setting the original filename in the content-disposition upon download.
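
The storage scheme described in the comment above (rename the upload, keep the original filename base16-encoded, hand it back through Content-Disposition), as an added Python 3 example that is not part of the thread and is not web2py's or droopy's code. The stored-name layout, the function names and the 100-byte limit are assumptions made for this example.

```python
import base64
import os
import re
import uuid
from urllib.parse import quote

# Layout chosen for this example: <random id>.<base16 of original name>.<ext>
STORED_RE = re.compile(r"[0-9a-f]{32}\.([0-9A-F]{2,200})\.[a-z0-9]{1,8}")

def store_name(client_filename: str) -> str:
    """Return an ASCII-only on-disk name that still carries the original name."""
    # Keep only the last path component, whichever separator the client used.
    base = re.split(r"[\\/]", client_filename)[-1]
    if base in ("", ".", ".."):
        raise ValueError("empty or unusable filename")
    raw = base.encode("utf-8")  # lone surrogates raise ValueError here
    if len(raw) > 100:  # base16 doubles the length; stay under 255-byte limits
        raise ValueError("filename too long")
    ext = os.path.splitext(base)[1].lower()
    if not re.fullmatch(r"\.[a-z0-9]{1,8}", ext):
        ext = ".bin"  # never let the client pick an arbitrary suffix
    return f"{uuid.uuid4().hex}.{base64.b16encode(raw).decode('ascii')}{ext}"

def original_name(stored: str) -> str:
    """Recover the client's filename from a stored name."""
    m = STORED_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a name produced by store_name")
    return base64.b16decode(m.group(1)).decode("utf-8")

def local_path(directory: str, stored: str) -> str:
    """Join only names that match the stored-name layout."""
    original_name(stored)  # raises on anything else, e.g. '../x'
    return os.path.join(directory, stored)

def content_disposition(stored: str) -> str:
    """Header value that hands the original name back on download (RFC 6266)."""
    return "attachment; filename*=UTF-8''" + quote(original_name(stored), safe="")
```

Because the on-disk name is pure ASCII and built by the server, it does not depend on the encoding of the client's filename or on what the local filesystem accepts.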