I don't think directory traversal is too much of a problem.
Another thing I can handle is somehow know what this renamed equivalent of
my file is. I could maintain this on a table or something.
On Tuesday, June 17, 2014 7:09:08 PM UTC+5:30, Anthony wrote:
>
> Note, the file renaming is done to prevent directory traversal attacks, so
> may not be a good idea to circumvent that.
>
> To show the pages, just serve them as any static file. Assuming the
> filename is in a variable called "filename":
>
> URL('static', filename)
>
> will create a URL to serve the file.
>
> Anthony
>
> On Tuesday, June 17, 2014 7:22:51 AM UTC-4, Harish Krishna wrote:
>>
>> I am building this portal where people can upload HTML files. I notice
>> that the uploaded files are by default stored in the static folder with a
>> name I can't make much sense out of. Now, I want people to view this HTML
>> page on their browsers without having them download it.
>> What is the simplest way to do this?
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
