That was the problem, thank you for you help.
--Jon
On Tue, Aug 19, 2008 at 2:13 PM, Marty Alchin <gulo...@gamemusic.org> wrote:
>
> On Tue, Aug 19, 2008 at 8:47 AM, Jon Atkinson <j...@jonatkinson.co.uk> wrote:
>> I'm trying to work with a model which accepts a logo image upload via
>> an ImageField. My a cut down version of my model is below:
>>
>> class Promoter(models.Model):
>> name = models.CharField(max_length=100)
>> logo = models.ImageField(upload_to="/images/promoters/%Y/%m/%d/")
>
> Drop the first slash in your path name.
>
>> When I try to upload the logo via the built-in admin interface, I get
>> the following error:
>>
>> SuspiciousOperation at /admin/promoters/promoter/add/
>> Attempted access to '/images/promoters/2008/08/19/kitten.jpg' denied.
>>
>> In settings.py, my MEDIA_ROOT is set to an accessible directory in my
>> home folder: '/home/username/projectname/media/', and this folder has
>> it's permissions set to 777.
>
> But with that leading slash, you're trying to save to
> /images/promotors/%Y/%m/%d/, not
> /home/username/projectname/media/images/promotors/%Y/%m/%d/ like you
> want. That path probably doesn't exist, and Django would need
> unrestricted access to your system in order to create it for you.
> Needless to say, not a good situation.
>
> That SuspiciousOperation is in place to help prevent Django from
> trying to accidentally read or write from places on your filesystem it
> shouldn't have access to. Just drop the first slash in the path name
> (so it reads upload_to="images/promoters/%Y/%m/%d/") and you'll be all
> set.
>
> -Gul
>
> >
>
chgrp
or chrown
the media directory to the same group as your Python process, and ensure you have at least g+rwx
on directories and g+rw
on files."But i want to upload to following path..
/usr/local/apache2/htdocs/goibibo/travelibibo/static/refundsReports/%Y%m%d
And the first back slash is must. I can't remove that. So please let me know how can i handle this case.
Thanks,
Binny
On Tuesday, August 19, 2008 6:17:16 PM UTC+5:30, Jon Atkinson wrote:Hello,
I'm trying to work with a model which accepts a logo image upload via
an ImageField. My a cut down version of my model is below:class Promoter(models.Model):
name = models.CharField(max_length=100)
logo = models.ImageField(upload_to="/images/promoters/%Y/%m/%d/")
When I try to upload the logo via the built-in admin interface, I get
the following error:
SuspiciousOperation at /admin/promoters/promoter/add/
Attempted access to '/images/promoters/2008/08/19/kitten.jpg' denied.In settings.py, my MEDIA_ROOT is set to an accessible directory in my
home folder: '/home/username/projectname/media/', and this folder has
it's permissions set to 777.
--I'm currently using the ./manage.py webserver, which (I assume) runs
as the same user which starts the process; this is the same user as
owns the folder specified above.Any ideas what I'm doing wrong here?
--Jon
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/5DiLmGCf_E0J.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Here you're trying to upload to a directory, whose path starts with a / : /images.
On *nix, / means system root. Obviously your django process does not have permission to write there unless you set that up so.
You should remove the leading slash in your upload to path. Your files will then upload to your media root.
Then make sure that your Web process has:
. write access to the MEDIA_ROOT/images directory (unless the user is the owner of MEDIA_ROOT, it won't have permission to create a directory.)
. Execution permission on all the directories (not the files in there) leading to MEDIA_ROOT: Execution permission on a directory means traversal permission.
Don't just chmod -R 777 your way out of this kind of problem, you're going to create major security holes.