limit the extensions of uploading files

This commit is contained in:
idalin 2017-02-15 14:11:35 +08:00
parent eb38a9723f
commit fe2383516d

View File

@ -52,6 +52,7 @@ from cgi import escape
# Global variables
global_task = None
ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'epub', 'mobi', 'azw', 'azw3', 'cbr', 'cbz', 'cbt', 'djvu', 'prc', 'doc', 'docx'])
# Proxy Helper class
@ -2115,6 +2116,13 @@ def upload():
db.session.connection().connection.connection.create_function('uuid4', 0, lambda: str(uuid4()))
if request.method == 'POST' and 'btn-upload' in request.files:
file = request.files['btn-upload']
if not ('.' in file.filename and file.filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS):
flash(
_('File extension "%s" is not allowed to be uploaded to this server' %
file.filename.rsplit('.', 1)[1].lower()),
category="error"
)
return redirect(url_for('index'))
meta = uploader.upload(file)
title = meta.title