view data/plugin/action/submitattachment.py @ 627:f683dea1ac1b

FormSubmit: fix misc. issues * actions[] is a list, so use form.getlist * if getHandler returns None, don't call that * misc. file upload related fixes for werkzeug * use taintfilename on supplied filenames for better security
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Mon, 25 Mar 2013 19:41:11 +0100
parents 5f499a634857
children 819c4121f9a0
line wrap: on
line source
# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - submitattachment Action

    Attach file into standard MoinMoin attachment folder or defined in
    targetpage CGI parameter.
    
    If attachment with same name already exists, numeric index
    is added to new attachment. (file_1.txt, file_2.txt, ...)
    
    @copyright: 2008 by Peter Bodi <petrdll@centrum.sk>
    @license: GNU GPL, see COPYING for details.
"""

from MoinMoin import wikiutil
from MoinMoin.Page import Page
from MoinMoin.action import AttachFile

from submitbase import SubmitBase, SubmitValidationError


def execute(pagename, request):
    submitattachment(pagename, request).render()


class submitattachment(SubmitBase):
    
    def rewrite_filename(self, filename):
        """ Rewrites filename if there already exists attachment with the same name
        """
        attachFile = filename
        i = 0 
        while AttachFile.exists(self.request, self.targetpage, attachFile):
            attachFile = self.attachFile
            attachFileSplit = attachFile.split(".", 2)
            ext = attachFileSplit.pop()
            name = '.'.join(attachFileSplit)
            attachFile = "%(name)s_%(index)d.%(extension)s" % {'name': name, 'index': i, 'extension': ext}
            i += 1
            
        filename = attachFile
        
        return filename
            
    def validate(self):
        """ Evaluates whethere valid file was specified """
        SubmitBase.validate(self)
        
        if not self.attachFile:
            self.msg = self._("File was not specified")
            raise SubmitValidationError(self.msg)
        
        if not self.attachContent:
            self.msg = self._("Invalid file '%(file)s'") % {'file': self.attachFile}
            raise SubmitValidationError(self.msg)
     
    def sanitize(self):
        SubmitBase.sanitize(self)
        self.request.files['file'].filename = self.attachFile = self.rewrite_filename(self.attachFile)
         
    def submit(self):
        AttachFile.add_attachment(self.request, self.targetpage, self.attachFile, self.attachContent, 0)