Diffstat (limited to 'matweb')
| -rw-r--r-- | matweb/frontend.py | 6 | ||||
| -rw-r--r-- | matweb/rest_api.py | 10 | ||||
| -rw-r--r-- | matweb/utils.py | 2 |
3 files changed, 14 insertions, 4 deletions
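--- a/matweb/frontend.py
+++ b/matweb/frontend.py
@@ -53,8 +53,12 @@ def upload_file():
 if not uploaded_file.filename:
 flash('No selected file')
 return redirect(request.url)
+try:
+filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
+except ValueError:
+flash('Invalid Filename')
+return redirect(request.url)
 
-filename, filepath = utils.save_file(uploaded_file, current_app.config['UPLOAD_FOLDER'])
 parser, mime = utils.get_file_parser(filepath)
 
 if parser is None: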
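Review bot: Catching the generic `ValueError` around `utils.save_file(...)` in `upload_file` reports every ValueError raised inside that call as 'Invalid Filename', which could include one coming from `file.save` rather than from the name check. A dedicated exception defined in utils, for example `class InvalidFilenameError(ValueError): pass`, raised by `save_file` and caught here and in `APIUpload` in rest_api.py would keep the message accurate while remaining compatible with any existing `except ValueError` handler. The body of `upload_file` starts before and continues after this hunk.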
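--- a/matweb/rest_api.py
+++ b/matweb/rest_api.py
@@ -28,11 +28,15 @@ class APIUpload(Resource):
 args = req_parser.parse_args()
 try:
 file_data = base64.b64decode(args['file'])
-except binascii.Error as err:
+except (binascii.Error, ValueError):
-abort(400, message='Failed decoding file: ' + str(err))
+abort(400, message='Failed decoding file')
 
 file = FileStorage(stream=io.BytesIO(file_data), filename=args['file_name'])
-filename, filepath = utils.save_file(file, self.upload_folder)
+try:
+filename, filepath = utils.save_file(file, self.upload_folder)
+except ValueError:
+abort(400, message='Invalid Filename')
+
 parser, mime = utils.get_file_parser(filepath)
 
 if parser is None: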
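Review bot: `base64.b64decode(args['file'])` is called without `validate=True`, so characters outside the base64 alphabet are silently discarded instead of reaching the new 400 path; `base64.b64decode(args['file'], validate=True)` would reject malformed input, provided clients are not expected to send line-wrapped base64. `binascii.Error` is a subclass of `ValueError`, so `except (binascii.Error, ValueError):` can be written as `except ValueError:`. Dropping `str(err)` from the response is a good change, but the detail is now lost entirely; logging it server-side would keep it available for debugging. The method body starts before and continues after this hunk.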
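--- a/matweb/utils.py
+++ b/matweb/utils.py
@@ -65,6 +65,8 @@ def get_supported_extensions():
 
 def save_file(file, upload_folder):
 filename = secure_filename(file.filename)
+if not filename:
+raise ValueError('Invalid Filename')
 filepath = os.path.join(upload_folder, filename)
 file.save(os.path.join(filepath))
 return filename, filepath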
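Review bot: `save_file` still writes to `os.path.join(upload_folder, filename)` under the sanitized client-supplied name, so two uploads whose names sanitize to the same string target the same path and the later one overwrites the earlier; the new empty-name check does not change that. If the upload folder is shared between requests (not visible here), a server-generated prefix such as `filename = secrets.token_hex(8) + '_' + filename` before the join (needs `import secrets`) would keep uploads apart, as long as callers keep using the returned `filename`. The new `raise ValueError('Invalid Filename')` is also undocumented; a one-line docstring saying the function raises ValueError when nothing is left of the name after sanitizing would record the contract both callers now rely on.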
