How to use the werkzeug.utils.secure_filename function in Werkzeug
To help you get started, we’ve selected a few Werkzeug examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
KerbalStuff / KerbalStuff / KerbalStuff / email.py View on Github 
changelog = mod.default_version().changelog
if changelog:
changelog = '\n'.join([' ' + l for l in changelog.split('\n')])
targets = list()
for follower in followers:
targets.append(follower)
if len(targets) == 0:
return
with open("emails/mod-autoupdated") as f:
message = html.parser.HTMLParser().unescape(pystache.render(f.read(),
{
'mod': mod,
'domain': _cfg("domain"),
'latest': mod.default_version(),
'url': '/mod/' + str(mod.id) + '/' + secure_filename(mod.name)[:64],
'changelog': changelog
}))
subject = mod.name + " is compatible with KSP " + mod.versions[0].ksp_version + "!"
send_mail.delay("support@kerbalstuff.com", targets, subject, message)def handle_uploaded_file(self):
# http://flask.pocoo.org/docs/1.0/api/#flask.Request.form
#
file = request.files['file']
# Non-ASCII would be omitted and resulting the filename as to 'egg' or 'tar.gz'
filename = secure_filename(file.filename)
# tar.xz only works on Linux and macOS
if filename in ['egg', 'zip', 'tar.gz']:
filename = '%s_%s.%s' % (self.project, self.version, filename)
else:
filename = '%s_%s_from_file_%s' % (self.project, self.version, filename)
if filename.endswith('egg'):
self.eggname = filename
self.eggpath = os.path.join(self.DEPLOY_PATH, self.eggname)
file.save(self.eggpath)
self.scrapy_cfg_not_found = False
else: # Compressed file
filepath = os.path.join(self.DEPLOY_PATH, filename)
file.save(filepath)
tmpdir = self.uncompress_to_tmpdir(filepath)def upload_file():
if request.method == 'POST':
# check if the post request has the file part
if 'file' not in request.files:
return "no file sended"
file = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if file.filename == '':
return "no filename"
if file and allowed_file(file.filename):
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
return processfile(filename)
return"icon": "http://%s/images/item_types/%s.png" % (conf.HOSTNAME, obj.item_type),
"source": obj.source,
"created_at": strftime('%Y-%m-%dT%H:%M:%SZ', gmtime()),
"updated_at": strftime('%Y-%m-%dT%H:%M:%SZ', gmtime()),
"deleted_at": None }
if obj.item_type == 'bookmark':
x['name'] = obj.name
x['url'] = 'http://' + conf.HOSTNAME + '/' + obj.short_id
x['content_url'] = x['url'] + '/content'
x['remote_url'] = None
x['redirect_url'] = obj.redirect_url
else:
x['name'] = obj.filename
x['url'] = 'http://' + conf.HOSTNAME + '/' + obj.short_id
x['content_url'] = x['url'] + '/' + secure_filename(obj.filename)
x['remote_url'] = x['url'] + '/' + quote(obj.filename)
x['thumbnail_url'] = x['url'] # TODO: thumbails
x['redirect_url'] = None
try:
x['created_at'] = obj.created_at
x['updated_at'] = obj.updated_at
x['deleted_at'] = obj.deleted_at
if obj.deleted_at:
x['icon'] = "http://%s/images/item_types/trash.png" % conf.HOSTNAME
except AttributeError:
pass
__dict__.update(x)
__dict__.update(kw)
return __dict__def encode_filename(filename):
import hashlib
hasher = hashlib.md5()
hasher.update(filename.encode("utf-8"))
md5 = hasher.hexdigest()
safename = secure_filename(filename)
return (safename, md5)def upload_file():
if request.method == 'POST':
# check if the post request has the file part
if 'file' not in request.files:
flash('No file part')
return redirect(request.url)
file_file = request.files['file']
if file_file.filename == '':
flash('No file selected for uploading')
return redirect(request.url)
if file_file:
filename = secure_filename(file_file.filename)
file_file.save(getNewFileName(filename))
flash('File successfully uploaded')
data = {'message': 'Created', 'code': 'SUCCESS'}
return make_response(jsonify(data), 200)
else:
return redirect(request.url)def upload_file(sha):
if not redis.get("upload-lock:" + sha):
abort(403)
# check if the post request has the file part
if 'file' not in request.files:
abort(400)
f = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if f.filename == '':
abort(400)
if f and f.filename == secure_filename(f.filename):
filename = secure_filename(f.filename)
# Store files in redis with an expiration so we hopefully don't leak resources.
redis.setex("file:" + filename, 120 * 60, f.read())
print(filename, "uploaded")
else:
abort(400)
return jsonify({'msg': 'Ok'})def upload_url(deposition_type=None, uuid=None):
"""
Upload a new file by use of a URL
"""
deposition = Deposition.get(uuid, current_user, type=deposition_type)
# TODO: Improve to read URL as a chunked file to prevent overfilling
# memory.
url_file = ExternalFile(
request.form['url'],
request.form.get('name', None),
)
df = DepositionFile(backend=DepositionStorage(deposition.id))
if df.save(url_file, filename=secure_filename(url_file.filename)):
deposition.add_file(df)
deposition.save()
url_file.close()
return jsonify(
dict(filename=df.name, id=df.uuid, checksum=df.checksum)
)def upload(self, file_obj, filename):
if len(filename) == 0:
raise Exception("Empty filenames cannot be used")
filename = secure_filename(filename)
md5hash = hexencode(os.urandom(16))
file_path = posixpath.join(md5hash, filename)
return self.store(file_obj, file_path)def upload_file():
if request.method == 'POST':
# check if the post request has the file part
if 'file' not in request.files:
flash('No file part')
return redirect(request.url)
file = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if file.filename == '':
flash('No selected file')
return redirect(request.url)
# if theres a file with allowed extension then..
if file and allowed_file(file.filename):
# secure a filename before storing it directly
filename = secure_filename(file.filename)
# Save file to upload_folder
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
return redirect(url_for('uploaded_file', filename=filename))Werkzeug
The comprehensive WSGI web application library.
Package Health Score
97 / 100Popular Werkzeug functions
- werkzeug._compat.iteritems
- werkzeug._compat.text_type
- werkzeug.datastructures.Headers
- werkzeug.datastructures.MultiDict
- werkzeug.exceptions
- werkzeug.exceptions.BadRequest
- werkzeug.exceptions.Forbidden
- werkzeug.exceptions.HTTPException
- werkzeug.exceptions.InternalServerError
- werkzeug.exceptions.NotFound
- werkzeug.routing.Rule
- werkzeug.secure_filename
- werkzeug.security.generate_password_hash
- werkzeug.utils.cached_property
- werkzeug.utils.escape
- werkzeug.utils.import_string
- werkzeug.utils.redirect
- werkzeug.utils.secure_filename
- werkzeug.wrappers.Request
- werkzeug.wrappers.Response