comparison data/plugin/action/submitcsv.py @ 627:f683dea1ac1b

FormSubmit: fix misc. issues * actions[] is a list, so use form.getlist * if getHandler returns None, don't call that * misc. file upload related fixes for werkzeug * use taintfilename on supplied filenames for better security
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 25 Mar 2013 19:41:11 +0100
parents f64779d5d500
children 819c4121f9a0
comparison
equal deleted inserted replaced
626:f64779d5d500 627:f683dea1ac1b
31 def __init__(self, pagename, request): 31 def __init__(self, pagename, request):
32 SubmitBase.__init__(self, pagename, request) 32 SubmitBase.__init__(self, pagename, request)
33 33
34 self.delimiter = ';' 34 self.delimiter = ';'
35 self.targetFile = request.form.get("targetfile", "list.csv") 35 self.targetFile = request.form.get("targetfile", "list.csv")
36 self.targetFile = wikiutil.taintfilename(self.targetFile) # replace illegal chars
36 37
37 def sanitize(self): 38 def sanitize(self):
38 SubmitBase.sanitize(self) 39 SubmitBase.sanitize(self)
39 self.targetFile = wikiutil.clean_input(self.targetFile) 40 self.targetFile = wikiutil.clean_input(self.targetFile)
40 41