WHat i done is to auto rename the whole directory , replacing spaces and
quotes with some special tags. :D
On Mon, Oct 13, 2008 at 10:31 PM, yarko <[EMAIL PROTECTED]> wrote:
>
> Your other option, of course, is to batch "upload" all those files
> through web2py (which does renaming), save the original filenames in a
> database (name-pair: original-with-spaces; web2py uploaded safe
> name). Then you could "serve" these files with their apparent names,
> no?
>
> Just a thought...
>
> On Oct 13, 4:09 pm, "Phyo Arkar" <[EMAIL PROTECTED]> wrote:
> > Dear Massimo;
> >
> > Thanks a lot!
> > yeah may b thats why, Web2py do not like spaces in file paths.
> >
> > Yeah Currently Directory Traversal attack can be done , Can easily
> download
> > any file outside of web2py root lol :D.
> >
> > Yes i will fix too.
> >
> > Regards,
> > Phyo.
> >
> > On Mon, Oct 13, 2008 at 7:27 PM, mdipierro <[EMAIL PROTECTED]>
> wrote:
> >
> > > I am not sure I understand. web2py does not like spaces in the URL.
> > > There is no way around it. It is a security measure. "%20" counts as a
> > > space.
> >
> > > You can download those files by building your own method
> >
> > > def mystatic():
> > > file=request.vars.path
> > > return
> > > response.stream(os.path.join(response.folder,'static',file))
> >
> > > and link the as
> >
> > > <a href="{{=URL(r=request,f='myststic',vars=dict(path='your
> > > file.html')}}'" >...</a>
> >
> > > Mind that you still need to validate the file for directory traversal
> > > attacks .
> >
> > > Massimo
> >
> > > On Oct 13, 1:01 pm, "Phyo Arkar" <[EMAIL PROTECTED]> wrote:
> > > > Dear Massimo;
> >
> > > > The file browser i made is working well but there is a few problem.
> >
> > > > When a file have a space in file name , it fails to link them.
> >
> > > > here is the code and result:
> >
> > > > How can i get it working?
> >
> > > > Below are the codes :
> >
> > > > # session.forget() ## uncomment if you do not need sessions
> >
> > > > def index():
> > > > response.heading2='Digital Library'
> > > > response.flash="Welcome to Alba Digital Library!"
> > > > path =
> __dir_list__('/opt/web2py/applications/ealba/static/books')
> > > > #path =
> > > > __generate_files__('/opt/web2py/applications/ealba/static/books')
> > > > response.category=path
> > > > return dict(message='Book Categories')
> >
> > > > def browse_files():
> > > > import glob,os
> > > > pth = glob.glob("%s*" % request.vars.path)
> > > > response.flash="Download Books Here!"
> >
> > > > path = []
> > > > for f in pth:
> > > > path.append("%s" % os.path.basename(f))
> >
> > > > base = []
> > > > for f in pth:
> > > > base.append ("%s" %
> f.replace(os.path.basename(f),'').replace( \
> > > > "/opt/web2py/applications/ealba/static/books/",''))
> > > > response.books = [base,path]
> > > > response.heading2 = 'Digital Library'
> >
> > > > return
> >
> > >
> dict(message=request.vars.path.replace(os.path.basename(f),'').replace("/op
> t/web2py/applications/ealba/static/books/",''))
> >
> > > > def __dir_list__(path):
> > > > import os;
> > > > if os.path.exists(path):
> > > > dir=os.listdir(path)
> >
> > > > return dir
> >
> > > > _View_ : browse_files.html
> >
> > > > {{extend 'layout.html'}}
> > > >
> {{try:}}{{=H3(message)}}{{except:}}{{=BEAUTIFY(response._vars)}}{{pass}}
> > > > <table>
> > > > <tr>
> > > > {{i=0}}{{f=response.books}}
> > > > {{for i in range(0,len(response.books[0])):}}
> >
> > > > <td class="cat" > <a href= {{="../static/books/" +
> > > f[0][i]}}
> > > > {{=f[1][i].replace(" " ,"%20")}} > {{=f[1][i].replace(" ","%20")}}
> </a>
> > > > </td>
> > > > <tr></tr>
> > > > {{pass}}
> > > > </table>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---