Python Functions
def XMLtoFileObject(self, fname, tree=None):
"""
Gets as arguments a filename and a tree then writes the tree to a file with
the given filename.Returns true if everything has been accomplished
correctly.A IO error is also raised in the bad case.
"""
try :
import os.path
xmlworktree = tree
if os.path.exists(fname):
xmlobj = file(fname,mode='ab+')
else:
xmlobj = file(fname,mode='wb+')
xmlobj.write(xmlworktree)
xmlobj.close()
return True
except ImportError:
raise ImportError, "os.path missing or behaving uncorrectly.Review your \s
Python's version notes"
def upload(self, data):
fileupload = self.request['form.data']
if fileupload and fileupload.filename:
contenttype = fileupload.headers.get('Content-Type')
file_ = zope.app.file.file.File(data, contenttype)
# use the INameChooser registered for your file upload container
filename = INameChooser(container).chooseName(fileupload.filename)
self.context[filename] = file_
#!/usr/bin/env python
import cgi, os
import cgitb; cgitb.enable()
try: # Windows needs stdio set for binary mode.
import msvcrt
msvcrt.setmode (0, os.O_BINARY) # stdin = 0
msvcrt.setmode (1, os.O_BINARY) # stdout = 1
except ImportError:
pass
form = cgi.FieldStorage()
# A nested FieldStorage instance holds the file
fileitem = form['file']
# Test if the file was uploaded
if fileitem.filename:
# strip leading path from file name to avoid directory traversal attacks
fn = os.path.basename(fileitem.filename)
open('files/' + fn, 'wb').write(fileitem.file.read())
message = 'The file "' + fn + '" was uploaded successfully'
else:
message = 'No file was uploaded'
print """\s
Content-Type: text/html\sn
<html><body>
<p>%s</p>
</body></html>
""" % (message,)
Same as the above but buffers IO
<html><body>
<%
# Generator to buffer file chunks
def fbuffer(f, chunk_size=10000):
while True:
chunk = f.read(chunk_size)
if not chunk: break
yield chunk
if form.has_key('file') and form['file'].filename:
# A nested Field object holds the file
fileitem = form['file']
try: # Windows needs stdio set for binary mode.
import msvcrt
msvcrt.setmode (0, os.O_BINARY) # stdin = 0
msvcrt.setmode (1, os.O_BINARY) # stdout = 1
except ImportError:
pass
# strip leading path from file name to avoid directory traversal attacks
fname = os.path.basename(fileitem.filename)
# build absolute path to files directory
dir_path = os.path.join(os.path.dirname(req.filename), 'files')
f = open(os.path.join(dir_path, fname), 'wb', 10000)
# Read the file in chunks
for chunk in fbuffer(fileitem.file):
f.write(chunk)
f.close()
message = 'The file "%s" was uploaded successfully' % fname
%>
<p><%= message %></p>
<p><a href="">Upload another file</a></p>
<%
else:
#
%>
<form enctype="multipart/form-data" action="" method="post">
<p>File: <input type="file" name="file"></p>
<p><input type="submit" value="Upload"></p>
</form>
<%
#
%>
</body></html>
JUL OCT NOV
21
2003 2004 2005
2 captures
15 Jul 04 - 21 Oct 04
Close
Help
# upload form/script
"""
A simple form to upload a file with allowed extensions
"txt,htm,html,png,gif,jpg,ico,zip,rar,avi,mpg,rm,ram,wma,mp3,wav,pdf,doc,ppt"
to directory "../upload" (see ***SCRIPT PARAMETERS***)
Copyright (C) Georgy Pruss 2003,2004
Tested on Windows XP Home/Apache 2.0.43/Python 2.3
"""
# The upload form
# 1st parameter - (this) script name
# 2nd parameter - file field name
the_form = """
<FORM METHOD="POST" ACTION="%s" enctype="multipart/form-data">
<INPUT TYPE=FILE NAME="%s" size=50>
<INPUT TYPE="SUBMIT" VALUE="Upload">
</FORM>
"""
try:
import msvcrt,os
msvcrt.setmode( 0, os.O_BINARY ) # stdin = 0
msvcrt.setmode( 1, os.O_BINARY ) # stdout = 1
except ImportError:
pass
print "Content type: text/html"
print
import sys, os, traceback, re
import cgi
import cgitb; cgitb.enable()
def strip_path( fpname ):
"""strip off leading path and drive stuff from dos/unix/mac file full name
takes care of '/' ':' '\s' '%2f' '%5c' '%3a'
"""
fname = re.sub( r"(%(2f|2F|5c|5C|3a|3A))|/|\s\s|:", '/', fpname )
delim = fname.rfind( '/' ) # -1 for not found, will return full fname
return fname[delim+1:]
def check_ext( file_name, ext_set ):
ext = file_name.rfind('.')
if ext < 0:
return False
ext = file_name[ext+1:].lower()
# was re.match( '^(gif)|(jpg)|(zip)$', ext, re.I )
exts = ext_set.lower().split(',')
for good_ext in exts:
if ext == good_ext:
return True
return False
class UploadException:
def __init__(self,rsn): self.reason = rsn
NO_FILE_FIELD = -1
NO_FILENAME = -2
BAD_EXTENTION = -3
NO_FILE = -4
def process_fileitem( file_item_name, local_file_path = './', allowed_file_types = 'jpg' ):
"""Gets file from form field file_item_name and saves it with the original
file name to local_file_path. Returns (file_length,file_name) if success.
Otherwise raise UploadException( NO_FILE_FIELD|NO_FILENAME|BAD_EXTENTION|NO_FILE )
"""
form = cgi.FieldStorage()
if not form.has_key( file_item_name ):
raise UploadException( NO_FILE_FIELD )
file_item = form[ file_item_name ]
if not file_item.filename:
raise UploadException( NO_FILENAME )
remote_file_name = file_item.filename
file_name = strip_path( remote_file_name )
if not check_ext( file_name, allowed_file_types ):
raise UploadException( BAD_EXTENTION )
local_file_name = os.path.join( local_file_path, file_name )
if not file_item.file:
raise UploadException( NO_FILE )
data = file_item.file.read( 5*1024*1024 ) # max 5 megabyte
# or data = fileitem.value
# or data = form.getvalue( file_item_name, "" )
fstrm = open( local_file_name, "wb" )
fstrm.write( data )
fstrm.close()
return (len(data), file_name)
print "<html><head><title>Upload form</title></head><body>"
try:
# ***SCRIPT PARAMETERS***
file_field_name = "filename"
loc_path = "../upload"
file_types = "txt,htm,html,png,gif,jpg,ico,zip,rar,avi,mpg,rm,ram,wma,mp3,wav,pdf,doc,ppt"
try:
flen, fname = process_fileitem( file_field_name, loc_path, file_types )
print '%d bytes received to <a href="%s/%s">%s</a>' % \s
(flen, loc_path, fname, fname)
except UploadException, ex:
if ex.reason == NO_FILE_FIELD or ex.reason == NO_FILENAME:
print "<p>Browse for file to upload.</p>"
elif ex.reason == BAD_EXTENTION:
print "<p>Illegal file, only %s allowed.</p>" % file_types
else: # NO_FILE
print "<p>No file received. Please repeat.</p>"
print the_form % (strip_path( __file__ ), file_field_name)
except:
print "<pre style='color:red; background:white;'>"
sys.stderr = sys.stdout
traceback.print_exc()
print "</pre>"
print "</body></html>"
# EOF