From eed0706433885207ea7ebae208a072f198a04367 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme
Date: Wed, 23 Apr 2014 21:39:20 +0200
Subject: This fixes #1.

---
 pyaggr3g470r/__init__.py | 8 ++++++++
 pyaggr3g470r/views.py | 23 +++++++++++++----------
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/pyaggr3g470r/__init__.py b/pyaggr3g470r/__init__.py
index c429c4de..2f52dc2c 100644
--- a/pyaggr3g470r/__init__.py
+++ b/pyaggr3g470r/__init__.py
@@ -16,6 +16,14 @@ app.config['SECRET_KEY'] = os.urandom(12)
 app.config['SQLALCHEMY_DATABASE_URI'] = conf.SQLALCHEMY_DATABASE_URI
 db = SQLAlchemy(app)
 
+ALLOWED_EXTENSIONS = set(['xml', 'opml'])
+
+def allowed_file(filename):
+    """
+    Check if the uploaded WSW file is allowed.
+    """
+    return '.' in filename and \
+           filename.rsplit('.', 1)[1] in ALLOWED_EXTENSIONS
 
 if not conf.ON_HEROKU:
     app.config["MAIL_SERVER"] = conf.MAIL_HOST
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py
index 11e60880..1afcecb2 100644
--- a/pyaggr3g470r/views.py
+++ b/pyaggr3g470r/views.py
@@ -42,7 +42,7 @@ import models
 if not conf.ON_HEROKU:
     import search as fastsearch
 from forms import SigninForm, AddFeedForm, ProfileForm
-from pyaggr3g470r import app, db
+from pyaggr3g470r import app, db, allowed_file
 from pyaggr3g470r.models import User, Feed, Article, Role
 
 Principal(app)
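Review bot: The new `allowed_file` helper in __init__.py compares the extension case-sensitively, so `feeds.OPML` is rejected while `feeds.opml` passes; `return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS` accepts both. The docstring's "WSW file" reads like a leftover — `Check whether the uploaded OPML file has an allowed extension.` describes what the code does. A True result says nothing about the rest of the name: the helper does not strip directory components, so callers must still sanitize the name before joining it into a filesystem path (the views.py hunk below does not). Minor style: `ALLOWED_EXTENSIONS = {'xml', 'opml'}` is the set-literal form.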
@@ -492,15 +492,18 @@ def management():
     """
     if request.method == 'POST':
         # Import an OPML file
-        data = request.files['opmlfile']
-        opml_path = os.path.join("./pyaggr3g470r/var/", data.filename)
-        data.save(opml_path)
-        try:
-            nb, nb_already = utils.import_opml(g.user.email, opml_path)
-            flash(str(nb) + " feeds imported (" + str(nb_already) + \
-                    " already in the database).", "success")
-        except Exception as e:
-            flash("Impossible to import the new feeds.", "danger")
+        data = request.files.get('opmlfile', None)
+        if None == data or not allowed_file(data.filename):
+            flash('File not allowed.', 'danger')
+        else:
+            opml_path = os.path.join("./pyaggr3g470r/var/", data.filename)
+            data.save(opml_path)
+            try:
+                nb, nb_already = utils.import_opml(g.user.email, opml_path)
+                flash(str(nb) + " feeds imported (" + str(nb_already) + \
+                        " already in the database).", "success")
+            except Exception as e:
+                flash("Impossible to import the new feeds.", "danger")
 
 
     form = AddFeedForm()
--
cgit
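Review bot: `data.filename` is still joined straight into `opml_path` on the new side, so the extension check this commit adds does not stop a client-supplied name containing directory separators or `..` from placing the saved file outside `./pyaggr3g470r/var/`; the defensive form is `filename = secure_filename(data.filename)` (from `werkzeug.utils`, which Flask already depends on) followed by `opml_path = os.path.join("./pyaggr3g470r/var/", filename)`, treating an empty result as 'File not allowed.' too. `if None == data` should be `if data is None`. The `except Exception as e:` branch discards `e`; `app.logger.exception("OPML import failed")` keeps the user-facing flash while leaving a trace for diagnosing failed imports. It also looks as if the saved file is never removed after `utils.import_opml` and that two users uploading the same file name share one path — worth confirming against `import_opml`, which is outside this hunk. `management()` starts before this hunk and its body continues after it.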