Check that uploaded images are valid images
parent
60483ef542
commit
b3b1e421f2
26
app/utils.py
26
app/utils.py
|
@ -20,7 +20,7 @@ from flask_user import *
|
||||||
from flask_login import login_user, logout_user
|
from flask_login import login_user, logout_user
|
||||||
from app.models import *
|
from app.models import *
|
||||||
from app import app
|
from app import app
|
||||||
import random, string, os
|
import random, string, os, imghdr
|
||||||
|
|
||||||
def getExtension(filename):
|
def getExtension(filename):
|
||||||
return filename.rsplit(".", 1)[1].lower() if "." in filename else None
|
return filename.rsplit(".", 1)[1].lower() if "." in filename else None
|
||||||
|
@ -28,6 +28,10 @@ def getExtension(filename):
|
||||||
def isFilenameAllowed(filename, exts):
|
def isFilenameAllowed(filename, exts):
|
||||||
return getExtension(filename) in exts
|
return getExtension(filename) in exts
|
||||||
|
|
||||||
|
ALLOWED_IMAGES = set(["jpeg", "png"])
|
||||||
|
def isAllowedImage(data):
|
||||||
|
return imghdr.what(None, data) in ALLOWED_IMAGES
|
||||||
|
|
||||||
def shouldReturnJson():
|
def shouldReturnJson():
|
||||||
return "application/json" in request.accept_mimetypes and \
|
return "application/json" in request.accept_mimetypes and \
|
||||||
not "text/html" in request.accept_mimetypes
|
not "text/html" in request.accept_mimetypes
|
||||||
|
@ -36,16 +40,32 @@ def randomString(n):
|
||||||
return ''.join(random.choice(string.ascii_lowercase + \
|
return ''.join(random.choice(string.ascii_lowercase + \
|
||||||
string.ascii_uppercase + string.digits) for _ in range(n))
|
string.ascii_uppercase + string.digits) for _ in range(n))
|
||||||
|
|
||||||
def doFileUpload(file, allowedExtensions, fileTypeName):
|
def doFileUpload(file, fileType, fileTypeDesc):
|
||||||
if not file or file is None or file.filename == "":
|
if not file or file is None or file.filename == "":
|
||||||
flash("No selected file", "error")
|
flash("No selected file", "error")
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
allowedExtensions = []
|
||||||
|
isImage = False
|
||||||
|
if fileType == "image":
|
||||||
|
allowedExtensions = ["jpg", "jpeg", "png"]
|
||||||
|
isImage = True
|
||||||
|
elif filetype == "zip":
|
||||||
|
allowedExtensions = ["zip"]
|
||||||
|
else:
|
||||||
|
raise Exception("Invalid fileType")
|
||||||
|
|
||||||
ext = getExtension(file.filename)
|
ext = getExtension(file.filename)
|
||||||
if ext is None or not ext in allowedExtensions:
|
if ext is None or not ext in allowedExtensions:
|
||||||
flash("Please upload load " + fileTypeName, "error")
|
flash("Please upload load " + fileTypeDesc, "danger")
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
if isImage and not isAllowedImage(file.stream.read()):
|
||||||
|
flash("Uploaded image isn't actually an image", "danger")
|
||||||
|
return None
|
||||||
|
|
||||||
|
file.stream.seek(0)
|
||||||
|
|
||||||
filename = randomString(10) + "." + ext
|
filename = randomString(10) + "." + ext
|
||||||
file.save(os.path.join("app/public/uploads", filename))
|
file.save(os.path.join("app/public/uploads", filename))
|
||||||
return "/uploads/" + filename
|
return "/uploads/" + filename
|
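Review bot: In doFileUpload the new branch `elif filetype == "zip":` spells the parameter in lower case, so unless one of the star imports happens to define `filetype`, every non-image upload raises NameError before the extension check is reached; it should read `elif fileType == "zip":`. The content check `isAllowedImage(file.stream.read())` buffers the entire upload in memory although `imghdr.what(None, data)` only looks at the leading header bytes, so a bounded read such as `file.stream.read(512)` gives the same answer without the memory cost. Because imghdr matches magic bytes only, a file with a valid PNG or JPEG header and arbitrary trailing content still passes and is saved under `app/public/uploads`. I would add a comment on isAllowedImage along the lines of `# Header sniff only: confirms the magic bytes, does not decode the image`, and decode the image with the project's image library if stronger assurance is wanted.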
||||||
|
|
|
@ -96,7 +96,7 @@ def create_release_page(package):
|
||||||
|
|
||||||
return redirect(url_for("check_task", id=rel.task_id, r=rel.getEditURL()))
|
return redirect(url_for("check_task", id=rel.task_id, r=rel.getEditURL()))
|
||||||
else:
|
else:
|
||||||
uploadedPath = doFileUpload(form.fileUpload.data, ["zip"], "a zip file")
|
uploadedPath = doFileUpload(form.fileUpload.data, "zip", "a zip file")
|
||||||
if uploadedPath is not None:
|
if uploadedPath is not None:
|
||||||
rel = PackageRelease()
|
rel = PackageRelease()
|
||||||
rel.package = package
|
rel.package = package
|
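Review bot: The release upload at `doFileUpload(form.fileUpload.data, "zip", "a zip file")` is still validated by file name alone, since the "zip" branch of doFileUpload only sets `allowedExtensions = ["zip"]` while images now get a content check. The analogous check would be `zipfile.is_zipfile(file.stream)` followed by `file.stream.seek(0)` before `file.save(...)`, placed inside doFileUpload next to the image test. As written, this call also takes the misspelled `elif filetype == "zip":` branch in app/utils.py, so it is worth exercising this route once that is fixed. create_release_page starts and ends outside the lines shown here.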
||||||
|
|
|
@ -49,7 +49,7 @@ def create_screenshot_page(package, id=None):
|
||||||
# Initial form class from post data and default data
|
# Initial form class from post data and default data
|
||||||
form = CreateScreenshotForm()
|
form = CreateScreenshotForm()
|
||||||
if request.method == "POST" and form.validate():
|
if request.method == "POST" and form.validate():
|
||||||
uploadedPath = doFileUpload(form.fileUpload.data, ["png", "jpg", "jpeg"],
|
uploadedPath = doFileUpload(form.fileUpload.data, "image",
|
||||||
"a PNG or JPG image file")
|
"a PNG or JPG image file")
|
||||||
if uploadedPath is not None:
|
if uploadedPath is not None:
|
||||||
ss = PackageScreenshot()
|
ss = PackageScreenshot()
|
||||||
|
|