[web2py] Re: REF: Issue with uploading files with web2py

Mon, 24 Feb 2014 22:00:24 -0800 

$filename = $_FILES["file"]["name"];
move_uploaded_file($_FILES["file"]["tmp_name"], "uploaded/".$filename);

would be:

import shutil, os
filename  = request.post_vars.file.filename
shutil.copyfileobj(request.post_vars.file.file, 
open(os.path.join(uploaded,filename),'w'))

This is very UNSAFE (both in python/web2py and in PHP). It can be used by 
the user to overwrite almost any file on the filesystem. The filename has 
to be sanitized.

On Monday, 24 February 2014 01:35:02 UTC-6, software.ted wrote:
>
> I am extremely stuck on how to manage uploaded file, I have been working 
> with web2py now for over a year and I like its flexibility, I have been 
> working on an application that is ajax based using my own file. Now i have 
> the following scenario i need help with:
>
> DB
> =======
>
> db.create_table("person", Field("first_name"), Field("photo", "upload"), 
> ...)
>
> Controller:
>
> def manage_person():
>     try:
>         value = db.person.update_or_insert(id == request.vars.id, 
> first_name=request.vars.first_name, photo=request.vars.photo, ...)
>     except ...:
>
>     return value
>
> Now my question is how do i move the upaded image to say the upload 
> folder, i was thinking web2py will put the physical image in upload folder 
> according to documentation but unfortunately folder is empty. The DB hower 
> gets updated with a the following: C:\fakepath\xxxx.jpg.
>
> Any ideas?
>
> Kind regards,
>     
>
>
> -- 
>
> .......................................................................................
> Teddy Lubasi Nyambe
> Opensource Zambia
> Lusaka, ZAMBIA
>
> Cell: +260 97 7760473
> website: http://www.opensource.org.zm
>
> ~/
> Human Knowledge belongs to the world! - AntiTrust
>
> Man is a tool-using animal. Without tools he is nothing, with tools he is 
> all - Thomas Carlyle 1795-1881
>
> /~ 
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to