Diffstat (limited to 'pyaggr3g470r')
-rw-r--r--pyaggr3g470r/__init__.py8
-rw-r--r--pyaggr3g470r/views.py23
2 files changed, 21 insertions, 10 deletions
diff --git a/pyaggr3g470r/__init__.py b/pyaggr3g470r/__init__.py
index c429c4de..2f52dc2c 100644
--- a/pyaggr3g470r/__init__.py
+++ b/pyaggr3g470r/__init__.py
@@ -16,6 +16,14 @@ app.config['SECRET_KEY'] = os.urandom(12)
app.config['SQLALCHEMY_DATABASE_URI'] = conf.SQLALCHEMY_DATABASE_URI
db = SQLAlchemy(app)
+ALLOWED_EXTENSIONS = set(['xml', 'opml'])
+
+def allowed_file(filename):
+ """
+ Check if the uploaded WSW file is allowed.
+ """
+ return '.' in filename and \
+ filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS
if not conf.ON_HEROKU:
app.config["MAIL_SERVER"] = conf.MAIL_HOST
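Review bot: The extension comparison in `allowed_file` is case-sensitive, so an upload named `feeds.OPML` or `feeds.XML` is rejected; lower-casing the suffix fixes that: `filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS`. The docstring mentions a "WSW file", which looks copied from elsewhere; something like `Check whether the uploaded file name has an allowed extension (xml, opml).` would describe what the function does. It is also worth stating there that this only inspects the name: it validates neither the file content nor whether the name is safe to use as a path.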
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py
index 11e60880..1afcecb2 100644
--- a/pyaggr3g470r/views.py
+++ b/pyaggr3g470r/views.py
@@ -42,7 +42,7 @@ import models
if not conf.ON_HEROKU:
import search as fastsearch
from forms import SigninForm, AddFeedForm, ProfileForm
-from pyaggr3g470r import app, db
+from pyaggr3g470r import app, db, allowed_file
from pyaggr3g470r.models import User, Feed, Article, Role
Principal(app)
@@ -492,15 +492,18 @@ def management():
"""
if request.method == 'POST':
# Import an OPML file
- data = request.files['opmlfile']
- opml_path = os.path.join("./pyaggr3g470r/var/", data.filename)
- data.save(opml_path)
- try:
- nb, nb_already = utils.import_opml(g.user.email, opml_path)
- flash(str(nb) + " feeds imported (" + str(nb_already) + \
- " already in the database).", "success")
- except Exception as e:
- flash("Impossible to import the new feeds.", "danger")
+ data = request.files.get('opmlfile', None)
+ if None == data or not allowed_file(data.filename):
+ flash('File not allowed.', 'danger')
+ else:
+ opml_path = os.path.join("./pyaggr3g470r/var/", data.filename)
+ data.save(opml_path)
+ try:
+ nb, nb_already = utils.import_opml(g.user.email, opml_path)
+ flash(str(nb) + " feeds imported (" + str(nb_already) + \
+ " already in the database).", "success")
+ except Exception as e:
+ flash("Impossible to import the new feeds.", "danger")
form = AddFeedForm()
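Review bot: `data.filename` is supplied by the client and is still joined into `opml_path` unchanged, so the extension check in `allowed_file` does not stop a name containing directory components from resolving outside `./pyaggr3g470r/var/`. Normalise the name before building the path, e.g. `filename = secure_filename(data.filename)` (from `werkzeug.utils`) followed by `opml_path = os.path.join("./pyaggr3g470r/var/", filename)`, and treat an empty result as not allowed. Saving under the client-chosen name also lets two uploads with the same name overwrite each other, which a server-generated temporary name would avoid. As a style point, `None == data` reads better as `data is None`. The body of `management()` starts and continues outside this hunk.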