diff options
| author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-04-23 21:39:20 +0200 |
|---|---|---|
| committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-04-23 21:39:20 +0200 |
| commit | eed0706433885207ea7ebae208a072f198a04367 (patch) | |
| tree | bfe8bd43c1b16bf5b2503a0a1f560156d65085fa | |
| parent | Minor bugfix. (diff) | |
| download | newspipe-eed0706433885207ea7ebae208a072f198a04367.tar.gz newspipe-eed0706433885207ea7ebae208a072f198a04367.tar.bz2 newspipe-eed0706433885207ea7ebae208a072f198a04367.zip | |
This fixes #1.
| -rw-r--r-- | pyaggr3g470r/__init__.py | 8 | ||||
| -rw-r--r-- | pyaggr3g470r/views.py | 23 |
2 files changed, 21 insertions, 10 deletions
diff --git a/pyaggr3g470r/__init__.py b/pyaggr3g470r/__init__.py index c429c4de..2f52dc2c 100644 --- a/pyaggr3g470r/__init__.py +++ b/pyaggr3g470r/__init__.py @@ -16,6 +16,14 @@ app.config['SECRET_KEY'] = os.urandom(12) app.config['SQLALCHEMY_DATABASE_URI'] = conf.SQLALCHEMY_DATABASE_URI db = SQLAlchemy(app) +ALLOWED_EXTENSIONS = set(['xml', 'opml']) + +def allowed_file(filename): + """ + Check if the uploaded WSW file is allowed. + """ + return '.' in filename and \ + filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS if not conf.ON_HEROKU: app.config["MAIL_SERVER"] = conf.MAIL_HOST diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py index 11e60880..1afcecb2 100644 --- a/pyaggr3g470r/views.py +++ b/pyaggr3g470r/views.py @@ -42,7 +42,7 @@ import models if not conf.ON_HEROKU: import search as fastsearch from forms import SigninForm, AddFeedForm, ProfileForm -from pyaggr3g470r import app, db +from pyaggr3g470r import app, db, allowed_file from pyaggr3g470r.models import User, Feed, Article, Role Principal(app) @@ -492,15 +492,18 @@ def management(): """ if request.method == 'POST': # Import an OPML file - data = request.files['opmlfile'] - opml_path = os.path.join("./pyaggr3g470r/var/", data.filename) - data.save(opml_path) - try: - nb, nb_already = utils.import_opml(g.user.email, opml_path) - flash(str(nb) + " feeds imported (" + str(nb_already) + \ - " already in the database).", "success") - except Exception as e: - flash("Impossible to import the new feeds.", "danger") + data = request.files.get('opmlfile', None) + if None == data or not allowed_file(data.filename): + flash('File not allowed.', 'danger') + else: + opml_path = os.path.join("./pyaggr3g470r/var/", data.filename) + data.save(opml_path) + try: + nb, nb_already = utils.import_opml(g.user.email, opml_path) + flash(str(nb) + " feeds imported (" + str(nb_already) + \ + " already in the database).", "success") + except Exception as e: + flash("Impossible to import the new feeds.", "danger") form = AddFeedForm() |