How to use the werkzeug.utils.secure_filename function in Werkzeug

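To help you get started, we’ve selected a few Werkzeug examples, based on popular ways it is used in public projects. Keep in mind that secure_filename only reduces a name to a flat, ASCII-only filename: it can return an empty string, and it neither makes the name unique nor validates the file's type or contents, so the callers below still have to handle those cases themselves.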


github KerbalStuff / KerbalStuff / KerbalStuff / email.py View on Github external
# Fragment of a notification routine (the enclosing def is not shown).
# Indent every changelog line by four spaces before it goes into the template.
changelog = mod.default_version().changelog
    if changelog:
        changelog = '\n'.join(['    ' + l for l in changelog.split('\n')])

    # Copy the followers into the recipient list; nothing is sent when it is empty.
    targets = list()
    for follower in followers:
        targets.append(follower)
    if len(targets) == 0:
        return
    # The template path is relative, so it resolves against the process's
    # current working directory.
    with open("emails/mod-autoupdated") as f:
        # NOTE(review): unescape() turns HTML entities in the rendered template
        # back into raw characters. That is harmless for a plain-text mail, but
        # if the message is ever delivered as HTML, mod.name and the changelog
        # would reach the body unescaped -- confirm the content type used by
        # send_mail. HTMLParser.unescape was also removed in Python 3.9
        # (html.unescape is the replacement).
        message = html.parser.HTMLParser().unescape(pystache.render(f.read(),
            {
                'mod': mod,
                'domain': _cfg("domain"),
                'latest': mod.default_version(),
                # secure_filename() is used here only to build a URL slug, cut
                # to 64 characters. It can return an empty string (for example
                # for an all-non-ASCII name), in which case the link ends in
                # '/'; presumably the route resolves the mod by id -- verify.
                'url': '/mod/' + str(mod.id) + '/' + secure_filename(mod.name)[:64],
                'changelog': changelog
            }))
    # NOTE(review): mod.name goes into the subject line unmodified; confirm the
    # mail layer rejects or folds CR/LF in header values.
    subject = mod.name + " is compatible with KSP " + mod.versions[0].ksp_version + "!"
    send_mail.delay("support@kerbalstuff.com", targets, subject, message)
github my8100 / scrapydweb / scrapydweb / views / operations / deploy.py View on Github external
def handle_uploaded_file(self):
        """Save the uploaded project file under DEPLOY_PATH.

        The stored name is built from self.project, self.version and the
        sanitised upload name. A name ending in 'egg' is saved as the egg
        itself; anything else is saved and passed to uncompress_to_tmpdir().
        The listing may stop before the end of the original method.
        """
        # http://flask.pocoo.org/docs/1.0/api/#flask.Request.form
        # 
        file = request.files['file']

        # secure_filename() drops non-ASCII characters, so a name whose stem is
        # entirely non-ASCII collapses to just 'egg', 'zip' or 'tar.gz'.
        # It can also return an empty string, which the else branch below turns
        # into a name ending in '_from_file_'.
        filename = secure_filename(file.filename)
        # tar.xz only works on Linux and macOS
        # NOTE(review): self.project and self.version are interpolated without
        # being sanitised here. If either can carry a path separator, the
        # os.path.join() calls below would leave DEPLOY_PATH -- confirm they
        # are validated before this method runs.
        if filename in ['egg', 'zip', 'tar.gz']:
            filename = '%s_%s.%s' % (self.project, self.version, filename)
        else:
            filename = '%s_%s_from_file_%s' % (self.project, self.version, filename)

        # The test is a plain suffix match, so any name that merely ends in the
        # letters 'egg' is treated as an egg; no content check is visible here.
        if filename.endswith('egg'):
            self.eggname = filename
            self.eggpath = os.path.join(self.DEPLOY_PATH, self.eggname)
            file.save(self.eggpath)
            self.scrapy_cfg_not_found = False
        else:  # Compressed file
            filepath = os.path.join(self.DEPLOY_PATH, filename)
            file.save(filepath)
            # NOTE(review): the archive comes from the client; the helper is
            # not shown, so confirm it rejects member paths that resolve
            # outside the temporary directory before extracting.
            tmpdir = self.uncompress_to_tmpdir(filepath)
github gilbeckers / MultiPersonMatching / app.py View on Github external
def upload_file():
    """Store an uploaded file in UPLOAD_FOLDER and pass its name to processfile.

    Returns a short error string when the 'file' part is missing or has no
    name, the result of processfile() after a successful save, and None for
    any other request (non-POST, or a name rejected by allowed_file).

    NOTE(review): allowed_file() is checked against the raw client name while
    the file is stored under the sanitised one. secure_filename() can shorten
    a name to just its extension and does not make it unique, so two uploads
    can end up under the same path and the later one overwrites the earlier.
    """
    if request.method != 'POST':
        return

    # The multipart body must carry a part named 'file'.
    if 'file' not in request.files:
        return "no file sended"
    upload = request.files['file']

    # Browsers submit an empty part without a filename when nothing was chosen.
    if upload.filename == '':
        return "no filename"

    if not (upload and allowed_file(upload.filename)):
        return

    # Only the sanitised name is ever joined onto the upload directory.
    filename = secure_filename(upload.filename)
    destination = os.path.join(app.config['UPLOAD_FOLDER'], filename)
    upload.save(destination)
    return processfile(filename)
github posativ / regenwolken / regenwolken / REST.py View on Github external
"icon": "http://%s/images/item_types/%s.png" % (conf.HOSTNAME, obj.item_type),
        "source": obj.source,
        "created_at": strftime('%Y-%m-%dT%H:%M:%SZ', gmtime()),
        "updated_at": strftime('%Y-%m-%dT%H:%M:%SZ', gmtime()),
        "deleted_at": None }

    # Fill in the type-specific fields. Every URL is built on the plain
    # http:// scheme from conf.HOSTNAME and the item's short_id.
    if obj.item_type == 'bookmark':
        x['name'] = obj.name
        x['url'] = 'http://' + conf.HOSTNAME + '/' + obj.short_id
        x['content_url'] = x['url'] + '/content'
        x['remote_url'] = None
        x['redirect_url'] = obj.redirect_url
    else:
        x['name'] = obj.filename
        x['url'] = 'http://' + conf.HOSTNAME + '/' + obj.short_id
        # Two encodings of the same stored name: content_url carries the
        # secure_filename() form (flat, ASCII-only, possibly empty), remote_url
        # the percent-encoded original.
        # NOTE(review): the handler behind content_url presumably resolves the
        # item by short_id; if it looks the file up by the name segment it must
        # apply the same sanitisation -- confirm.
        x['content_url'] = x['url'] + '/' + secure_filename(obj.filename)
        x['remote_url'] = x['url'] + '/' + quote(obj.filename)
        x['thumbnail_url'] = x['url'] # TODO: thumbnails
        x['redirect_url'] = None

    # Prefer the timestamps stored on obj. If obj lacks one of these
    # attributes the AttributeError is swallowed and the values assigned
    # before it was raised stay in place.
    try:
        x['created_at'] = obj.created_at
        x['updated_at'] = obj.updated_at
        x['deleted_at'] = obj.deleted_at
        if obj.deleted_at:
            # Deleted items get the trash icon.
            x['icon'] = "http://%s/images/item_types/trash.png" % conf.HOSTNAME
    except AttributeError:
        pass

    # kw is applied last, so its entries override the computed fields.
    __dict__.update(x)
    __dict__.update(kw)
    return __dict__
github EUDAT-B2SHARE / b2share / b2share / oldmodules / b2deposit / b2share_upload_handler.py View on Github external
def encode_filename(filename):
    """Return ``(safe_name, md5_hex)`` for *filename*.

    ``md5_hex`` is the MD5 hex digest of the original, unsanitised name
    encoded as UTF-8 (a hash of the name, not of any file content).
    ``safe_name`` is the secure_filename() form, which can be an empty string.

    NOTE(review): MD5 is adequate as a fingerprint of non-adversarial input
    but is not collision-resistant; if the digest serves as a storage key or
    identifier for user-supplied names, confirm a collision cannot make two
    uploads share a record.
    """
    import hashlib
    # Digest first, from the raw name, so it is unaffected by sanitisation.
    digest = hashlib.md5(filename.encode("utf-8")).hexdigest()
    return (secure_filename(filename), digest)
github OmniaGit / odooplm / mirror_document_server / main.py View on Github external
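def upload_file():
    """Accept a multipart upload and store it under a name from getNewFileName.

    On POST: flashes a message and redirects back to the form when the 'file'
    part is missing, unnamed, or has a name that sanitises to nothing;
    otherwise saves the file and returns a JSON success response with status
    200. Other request methods fall through and return None.

    NOTE(review): no file-type or size check is visible in this function;
    confirm one is enforced elsewhere (for example a request size limit and an
    extension allow-list) before the saved files are used.
    """
    if request.method == 'POST':
        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part')
            return redirect(request.url)
        file_file = request.files['file']
        if file_file.filename == '':
            flash('No file selected for uploading')
            return redirect(request.url)
        if file_file:
            filename = secure_filename(file_file.filename)
            if not filename:
                # secure_filename() removes every unsafe character and can
                # leave an empty string; refuse it rather than handing an
                # empty name to getNewFileName().
                flash('Invalid file name')
                return redirect(request.url)
            file_file.save(getNewFileName(filename))
            flash('File successfully uploaded')
            data = {'message': 'Created', 'code': 'SUCCESS'}
            return make_response(jsonify(data), 200)
        else:
            return redirect(request.url)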
github adafruit / rosie-ci / rosie-ci.py View on Github external
def upload_file(sha):
    """Store an uploaded file in redis for two hours and return ``{'msg': 'Ok'}``.

    Aborts with 403 when no "upload-lock:<sha>" key exists, and with 400 when
    the 'file' part is missing, unnamed, or has a name that secure_filename()
    would change. Names are rejected rather than rewritten, so only names that
    are already in sanitised form are accepted.

    NOTE(review): the redis key is "file:" plus the name and does not include
    sha, so uploads with the same name under different shas replace each
    other. The whole body is read into memory with no size limit visible
    here; confirm a request size cap (e.g. MAX_CONTENT_LENGTH) is configured.
    """
    if not redis.get("upload-lock:" + sha):
        abort(403)

    # The multipart body must carry a part named 'file'.
    if 'file' not in request.files:
        abort(400)
    upload = request.files['file']

    # Browsers submit an empty part without a filename when nothing was chosen.
    if upload.filename == '':
        abort(400)

    # Accept the name only if sanitising leaves it untouched.
    if not upload or upload.filename != secure_filename(upload.filename):
        abort(400)
    filename = upload.filename

    # Store files in redis with an expiration so we hopefully don't leak resources.
    ttl_seconds = 120 * 60
    redis.setex("file:" + filename, ttl_seconds, upload.read())
    print(filename, "uploaded")
    return jsonify({'msg': 'Ok'})
github inveniosoftware / invenio / modules / webdeposit / lib / webdeposit_blueprint.py View on Github external
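def upload_url(deposition_type=None, uuid=None):
    """
    Upload a new file by use of a URL

    Looks up the deposition for the current user, wraps the submitted URL in
    an ExternalFile, saves it through a DepositionFile under the sanitised
    filename and, if the save succeeds, attaches it to the deposition.
    Returns a JSON object with the stored file's name, id and checksum.

    NOTE(review): request.form['url'] is passed to ExternalFile unchanged.
    ExternalFile is not shown here; if it fetches the URL from the server,
    confirm the scheme and destination host are restricted so the request
    cannot be directed at internal services.
    NOTE(review): secure_filename() can return an empty string; confirm
    df.save() copes with an empty filename.
    """
    deposition = Deposition.get(uuid, current_user, type=deposition_type)

    # TODO: Improve to read URL as a chunked file to prevent overfilling
    # memory.
    url_file = ExternalFile(
        request.form['url'],
        request.form.get('name', None),
    )

    try:
        df = DepositionFile(backend=DepositionStorage(deposition.id))

        if df.save(url_file, filename=secure_filename(url_file.filename)):
            deposition.add_file(df)
            deposition.save()
    finally:
        # Release the external file even when saving raises.
        url_file.close()

    return jsonify(
        dict(filename=df.name, id=df.uuid, checksum=df.checksum)
    )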
github CTFd / CTFd / CTFd / utils / uploads / uploaders.py View on Github external
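def upload(self, file_obj, filename):
        """Store *file_obj* under ``<random hex dir>/<sanitised filename>``.

        Returns whatever ``self.store`` returns for the generated path.

        Raises:
            Exception: if *filename* is empty, either as given or after
                secure_filename() has removed its unsafe characters.
        """
        if len(filename) == 0:
            raise Exception("Empty filenames cannot be used")

        filename = secure_filename(filename)
        # secure_filename() can strip a name down to nothing; without this
        # second check the stored path would be just the random directory
        # followed by a slash.
        if len(filename) == 0:
            raise Exception("Empty filenames cannot be used")

        # 16 random bytes from os.urandom, hex-encoded, give every upload its
        # own directory, so equal filenames do not collide.
        random_dir = hexencode(os.urandom(16))
        file_path = posixpath.join(random_dir, filename)

        return self.store(file_obj, file_path)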
github ianburkeixiv / Python-TensorFlow-WebApp / app.py View on Github external
def upload_file():
    # Upload handler: on POST, save the submitted file into UPLOAD_FOLDER and
    # redirect to the 'uploaded_file' endpoint. The listing may stop before
    # the end of the original function.
    if request.method == 'POST':
        # check if the post request has the file part
        if 'file' not in request.files:
            flash('No file part')
            return redirect(request.url)
        file = request.files['file']
        # if user does not select file, browser also
        # submit a empty part without filename
        if file.filename == '':
            flash('No selected file')
            return redirect(request.url)
        # Proceed only when a file is present and allowed_file() accepts its
        # name. NOTE(review): the check runs on the raw client name, while the
        # file is stored under the sanitised one computed below.
        if file and allowed_file(file.filename):
            # Sanitise the client-supplied name before it is joined onto the
            # upload directory. secure_filename() does not make the name
            # unique, so a later upload with the same name overwrites the
            # earlier file.
            filename = secure_filename(file.filename) 
            # Save file to upload_folder
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename)) 
           
            return redirect(url_for('uploaded_file', filename=filename))