On Thursday, May 25, 2017 at 8:34:44 AM UTC-7, Maurice Ling wrote:
>
> Hi everyone,
>
> I am stuck with an issue - please refer to the code below.
>
> [...]
>
5. I will the want to copy the file into application/<app name>/upload
> folder using shutils (lines 17-25) but the file name will be changed to
> entry.file.<random number>.<original file name>
> 6. However, this does not work as I get the error that the file is not
> found.
> 7. For debugging, I print the source file name (line 21) and it only gave
> me the file name when I will need the entire file path for shutil.copy2()
> at line 25 to work.
> *[...]*
>
sourcefile = form.vars.uploadfile.filename
>
> 1. print sourcefile
> 2. newfile = upload_dir + os.sep + 'entry.file.' + \
> 3. str(int(random.random()*10000000000000)) + \
> 4. os.path.splitext(sourcefile)[-1]
> 5. shutil.copy2(sourcefile, newfile)
> 6.
>
> [...]
>
A browser won't tell you the path to the file, just the filename. It's a
security measure. The shutil.copy2() call can only handle files local to
the server. If you're using this page locally on the server, then you can
provide the path information through other channels.
I do something like this on my home machine, because I'm using my app to
tag my photos. Currently, I provide a text field on the form to enter
path (separate from filename), but I check that path against a list I keep
in the code. That limits the amount filesystem exploration someone could
do if they somehow got access to my app.
(BTW, drag-and-drop works for getting the filename into its field).
/dps
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
