Why are you using the custom store and retrieve methods? Note, looks like
you might be vulnerable to a directory traversal attack (depending on
whether you're validating the "filename" argument passed to the retrieve
function).
Anthony
On Friday, February 14, 2014 5:21:40 AM UTC-5, Luca Guerrieri wrote:
>
> Goodmorning people,
> I'm teaching myself web2py and I've a little question for understanding
> how can i do ...
>
> I've a form (becomes from a table) with an upload field
> i would to upload an html file and I would to parse it in the mean time ..
> or just after the completition of the operation...
>
> eg.: after i've clicked on the submit button so i would import the file
> and after the parsing filling a new table with the results of the html
> parse operation.
>
> my table :
>
> db.define_table("files",
> Field("name", unique=True),
> Field('country', requires=IS_IN_DB(db,
> 'country.printable_name')),
> Field("files", "upload", custom_store=store_file,
> custom_retrieve=retrieve_file)
> )
>
> I used (thanks to web2py group experts) these two function for storing and
> renaming the file uploaded :
>
> def store_file(file, filename=None, path=None):
> path = "applications/myappuploads"
> if not os.path.exists(path):
> os.makedirs(path)
> pathfilename = os.path.join(path, filename)
> dest_file = open(pathfilename, 'wb')
> try:
> shutil.copyfileobj(file, dest_file)
> finally:
> dest_file.close()
> return filename
>
> def retrieve_file(filename, path=None):
> path = "applications/myapp/uploads"
> return (filename, open(os.path.join(path, filename), 'rb'))
>
> after I've connected in my display_form() all the things ...
>
> def display_form():
> if len(request.args):
> form=SQLFORM(db.files, request.args[0], upload=URL("download"))
> else:
> form=SQLFORM(db.files, upload=URL("download"))
> txt_content=[]
> if form.process(onvalidation=validate).accepted:
> content=StringIO.StringIO(data)
> msg = process_file(content)
> response.flash = T(msg)
> elif form.errors:
> response.flash = T('some errors occurred')
> else:
> pass
> return {"form":form}
>
> I validate the uploaded file giving the name that i've put in the field
> "name"
>
> def validate(form):
> if form.vars.files is not None:
> form.vars.files.filename = form.vars.name + ".html"
>
> and my process_file is :
>
> def process_file(content):
> all_lines = content
> msg = 'content not processed'
> for line in all_lines:
> try:
> msg = 'processed succesfully'
> except:
> msg = 'error processing'
> return msg
>
> here i've my problems .... in which way I can parse the html file, with
> which html parser ?
>
> Thank you in advance
> Luca
>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
