How to upload a file in a directory without SQLFORM ?

[Adrien]

Hi everyone,
Like i said in the title, i want to upload a file in a directory with a form.
I saw another subject where he did what i want but with me, it doesn't work and i don't know why.

This is my controller default.py :

def test():
    import shutil

    filename=request.vars.filename
    file=request.vars.file
    shutil.copyfileobj(file,open('path/'+filename,'wb'))
    return dict()

def index():
    return dict()

And the view index.html :

<form method="post" enctype="multipart/form-data" action="test">
        <input name="upload" type="file" size="60" maxlength="100000">
        <input type="Submit" value="Upload">
</form>

Do someone knows how to fix this problem ? And sorry but I'm not english, i hope i'm clear for you.

[xmarx]

in controller:

def index():

    import os

    form=SQLFORM.factory(Field('name'),Field('file', 'upload',uploadfolder=os.path.join(request.folder,'uploads')))

    if form.process().accepted:

        request.flash='file uploaded!'

    return dict(form=form)

in view index.html:

{{extend 'layout.html'}}

<h1>Upload File</h1>
{{=form}}

thats it.

16 Aralık 2015 Çarşamba 11:07:11 UTC+2 tarihinde Adrien yazdı:

[Adrien]

Thx for your quick answer.
But i try to do my form without sqlform (i didn't show all my form) because I have a form with a lot of fields, and they aren't all on the same page, i mean it's with an anchor on the same page (working with id), and i dunno how to do the same thing with a factory. I can't upload a file with a simple form ?

And do you know how to change the name of the file when it's upload ? I have several upload fields.

[Adrien]

This is the subject where i found the previous code :

https://groups.google.com/forum/#!searchin/web2py/upload$20file$20in$20directory$20with$20form/web2py/nyLx2MBLG2k/HQQ8a95D9oIJ
But with me, it doesn't work...

[Anthony]

On Wednesday, December 16, 2015 at 4:07:11 AM UTC-5, Adrien wrote:

Hi everyone,
Like i said in the title, i want to upload a file in a directory with a form.
I saw another subject where he did what i want but with me, it doesn't work and i don't know why.

This is my controller default.py :

def test():
    import shutil

    filename=request.vars.filename
    file=request.vars.file
    shutil.copyfileobj(file,open('path/'+filename,'wb'))

In that code, "path/" is just an example. You must provide an actual filesystem path where you want to store the file. Also, in order to prevent a directory traversal attack, you would want to either rename the file (e.g., via base 16 encoding, as the DAL does with upload fields) or check to make sure the final absolute path is not outside your base upload folder.

Anthony

[Anthony]

On Wednesday, December 16, 2015 at 4:53:41 AM UTC-5, xmarx wrote:

in controller:

def index():

    import os

    form=SQLFORM.factory(Field('name'),Field('file', 'upload',uploadfolder=os.path.join(request.folder,'uploads')))

    if form.process().accepted:

        request.flash='file uploaded!'

    return dict(form=form)

The only problem with using SQLFORM.factory to handle file uploads is that it will use the DAL upload mechanism to rename the file (including a random UUID segment). Because there is no database table storing the new filename, it will now be difficult to retrieve the file, as you will not know the filename (you would have to scan the whole directory and decode all of the base-16-encoded parts of the filenames to retrieve the original filenames).

Anthony

[Adrien]

For the path, i just don't write my path but it works only when i used the all path (from C:/ to my folder pictures like "C:/Adrien/web2py/applications/myApp/view/pictures/", don't know how to write only "pictures/"). So if i can resolve this and find how to change the filename, it's good and my problem will be fix.

For SQLFORM.factory : i already have a form divided in many html table with an anchor for each table, and i don't know how to do the same thing with the factory.

Someone know how to fix the problem with the path and the filename ?

edit : I find how to change the name during the upload, now my only problem is to shorten my path

Thx guys !

[Anthony]

Always use Python to build your paths:

import os
filepath = os.path.join(request.folder, 'view', 'pictures', filename)

Again, don't just use the filename provided by the user, as that is a security vulnerability.

Anthony

On Wednesday, December 16, 2015 at 10:13:10 AM UTC-5, Adrien wrote:

For the path, i just don't write my path but it works only when i used the all path (from C:/ to my folder pictures like "C:/Adrien/web2py/applications/myApp/view/pictures/", don't know how to write only "pictures/"). So if i can resolve this and find how to change the filename, it's good and my problem will be fix.

For SQLFORM.factory : i already have a form divided in many html table with an anchor for each table, and i don't know how to do the same thing with the factory.

Someone know how to fix the problem with the path and the filename ?

[Adrien]

Thanks Anthony, it works !
Yes i know, i will use the same security which was used before (was in PHP) but i know how to use this in python now.

Thx again :)