Can't use <a> to download a file
311 views
Skip to first unread message
Adrien
Dec 17, 2015, 9:34:33 AM12/17/15
to web2py-users
Hi everyone,
I'm trying to create a link to download files, but it doesn't work .. It redirect me like a simple link.
This is what i'm using :
This file is default/index.html
I also tried to use the all path (from C: to the file) but it doesn't work too.
Anyone have an idea to fix this problem ? Or maybe there is a function in web2py to do that ?
Thanks guys !
I'm trying to create a link to download files, but it doesn't work .. It redirect me like a simple link.
This is what i'm using :
This file is default/index.html
<a href="../uploads/clep.pdf" download="clep.pdf">clep</a><br/>I also tried to use the all path (from C: to the file) but it doesn't work too.
Anyone have an idea to fix this problem ? Or maybe there is a function in web2py to do that ?
Thanks guys !
Anthony
Dec 17, 2015, 10:58:05 AM12/17/15
to web2py-users
On Thursday, December 17, 2015 at 9:34:33 AM UTC-5, Adrien wrote:
Hi everyone,
I'm trying to create a link to download files, but it doesn't work .. It redirect me like a simple link.
This is what i'm using :
This file is default/index.html
The only files web2py will serve directly via the file path are those in the /static folder, and even then, you would not specify an OS file path (including a ../) as the href -- you would instead generate a web2py URL with "static" as the controller (e.g., URL('static', 'uploads/clep.pdf')).
For files uploaded via a DAL upload field, you should use the response.download() method. The scaffolding app includes a download() function in the default.py controller that uses this method.
In your case, it looks like you have manually put the clep.pdf file in the /uploads folder, as it hasn't been renamed as it would be if uploaded via a DAL upload field. To return such a file, you would instead have to use response.stream(). To prevent a directory traversal attack, you would probably also want to add a signature to the URL and add the @auth.requires_signature() decorator to your download function (this will prevent a malicious user from specifying any arbitrary file in the request URL, as the signature will be associated with the particular file in the link you create).
Note, if the clep.pdf file is intended to be available to the public, just put it in the /static folder.
Anthony
Adrien
Dec 18, 2015, 3:36:37 AM12/18/15
to web2py-users
Oh ok thanks Anthony, i used that :
I didn't know i have to use the static folder to upload files, thx you :)
<a href="{{=URL('static', 'generalfix/clep.pdf'}}" download="clep.pdf">clep</a><br/>
Massimo Di Pierro
Dec 18, 2015, 6:36:12 PM12/18/15
to web2py-users
To be clear. We are not talking about Field('...','upload') type of files. It appears these are static files you uploaded via admin, therefore they are in static/. Files uploaded via forms, go where where you configure them to go, generally in uploads/ and access can be restricted using auth.
Field('junk','upload',uploadfolder='whereyoulike',authorization=function record: return True or False))
Reply all
Reply to author
Forward
0 new messages