image upload allowed extensions

This commit is contained in:
nitely 2014-06-08 20:53:59 -03:00
parent e98a4699f2
commit 918ca59775
6 changed files with 48 additions and 20 deletions

1
TODO
View File

@ -37,3 +37,4 @@ Template
Readme
* add note about translations and fuzziness
* update: rebuild_index (search) command

View File

@ -67,12 +67,16 @@ class CommentImageForm(forms.Form):
image = forms.ImageField()
def __init__(self, user=None, *args, **kwargs):
super(CommentImageForm, self).__init__(*args, **kwargs)
self.user = user
def clean_image(self):
image = self.cleaned_data["image"]
if Image.open(image).format.lower() not in settings.ST_ALLOWED_UPLOAD_IMAGES:
if Image.open(image).format.lower() not in settings.ST_ALLOWED_UPLOAD_IMAGE_FORMAT:
raise forms.ValidationError(_("Unsupported file format. Supported formats are %s."
% ", ".join(settings.ST_ALLOWED_UPLOAD_IMAGES)))
% ", ".join(settings.ST_ALLOWED_UPLOAD_IMAGE_FORMAT)))
image.seek(0)
return image
@ -81,9 +85,14 @@ class CommentImageForm(forms.Form):
image = self.cleaned_data["image"]
hash = hashlib.md5(image.read()).hexdigest()
name, ext = os.path.splitext(image.name)
image.name = u"".join((hash, ext))
upload_to = os.path.join('spirit', 'images')
image.url = os.path.join(settings.MEDIA_URL, upload_to, image.name)
# Remove the extension if not allowed
if ext and ext[1:].lower() not in settings.ST_ALLOWED_UPLOAD_IMAGE_EXT:
ext = ""
image.name = u"".join((hash, ext.lower()))
upload_to = os.path.join('spirit', 'images', str(self.user.pk))
image.url = os.path.join(settings.MEDIA_URL, upload_to, image.name).replace("\\", "/")
media_path = os.path.join(settings.MEDIA_ROOT, upload_to)
utils.mkdir_p(media_path)

View File

@ -331,13 +331,14 @@ class CommentViewTest(TestCase):
img = StringIO('GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00'
'\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;')
files = {'image': SimpleUploadedFile('image.gif', img.read(), content_type='image/gif'), }
response = self.client.post(reverse('spirit:comment-image-upload'),
response = self.client.post(reverse('spirit:comment-image-upload-ajax'),
HTTP_X_REQUESTED_WITH='XMLHttpRequest',
data=files)
res = json.loads(response.content)
self.assertEqual(res['url'], os.path.join(settings.MEDIA_URL, 'spirit', 'images',
"bf21c3043d749d5598366c26e7e4ab44.gif"))
os.remove(os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', "bf21c3043d749d5598366c26e7e4ab44.gif"))
self.assertEqual(res['url'], os.path.join(settings.MEDIA_URL, 'spirit', 'images', str(self.user.pk),
"bf21c3043d749d5598366c26e7e4ab44.gif").replace("\\", "/"))
os.remove(os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', str(self.user.pk),
"bf21c3043d749d5598366c26e7e4ab44.gif"))
def test_comment_image_upload_invalid(self):
"""
@ -348,7 +349,7 @@ class CommentViewTest(TestCase):
image.name = 'image.gif'
image.content_type = 'image/gif'
files = {'image': SimpleUploadedFile(image.name, image.read()), }
response = self.client.post(reverse('spirit:comment-image-upload'),
response = self.client.post(reverse('spirit:comment-image-upload-ajax'),
HTTP_X_REQUESTED_WITH='XMLHttpRequest',
data=files)
self.assertEqual(response.status_code, 404)
@ -495,12 +496,14 @@ class CommentFormTest(TestCase):
img = StringIO(content)
files = {'image': SimpleUploadedFile('image.gif', img.read(), content_type='image/gif'), }
form = CommentImageForm(data={}, files=files)
form = CommentImageForm(user=self.user, data={}, files=files)
self.assertTrue(form.is_valid())
image = form.save()
self.assertEqual(image.name, "bf21c3043d749d5598366c26e7e4ab44.gif")
self.assertEqual(image.url, os.path.join(settings.MEDIA_URL, 'spirit', 'images', image.name))
image_path = os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', image.name)
image_url = os.path.join(settings.MEDIA_URL, 'spirit', 'images', str(self.user.pk),
image.name).replace("\\", "/")
self.assertEqual(image.url, image_url)
image_path = os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', str(self.user.pk), image.name)
self.assertTrue(os.path.isfile(image_path))
image.open()
self.assertEqual(image.read(), content)
@ -517,13 +520,27 @@ class CommentFormTest(TestCase):
img = StringIO('GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00'
'\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;')
files = {'image': SimpleUploadedFile('image', img.read(), content_type='image/gif'), }
form = CommentImageForm(data={}, files=files)
form = CommentImageForm(user=self.user, data={}, files=files)
self.assertTrue(form.is_valid())
image = form.save()
self.assertEqual(image.name, "bf21c3043d749d5598366c26e7e4ab44")
os.remove(os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', image.name))
os.remove(os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', str(self.user.pk), image.name))
@override_settings(ST_ALLOWED_UPLOAD_IMAGES=['png', ])
@override_settings(ST_ALLOWED_UPLOAD_IMAGE_EXT=[])
def test_comment_image_upload_bad_extension(self):
"""
Image upload bad extensions are removed
"""
img = StringIO('GIF87a\x01\x00\x01\x00\x80\x01\x00\x00\x00\x00ccc,\x00'
'\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;')
files = {'image': SimpleUploadedFile('image.gif', img.read(), content_type='image/gif'), }
form = CommentImageForm(user=self.user, data={}, files=files)
self.assertTrue(form.is_valid())
image = form.save()
self.assertEqual(image.name, "bf21c3043d749d5598366c26e7e4ab44")
os.remove(os.path.join(settings.MEDIA_ROOT, 'spirit', 'images', str(self.user.pk), image.name))
@override_settings(ST_ALLOWED_UPLOAD_IMAGE_FORMAT=['png', ])
def test_comment_image_upload_not_allowed_format(self):
"""
Image upload, invalid format

View File

@ -3,6 +3,7 @@
from django.conf.urls import patterns, include, url
import djconfig
from spirit.forms.admin import BasicConfigForm
# TODO: use app loader in django 1.7

View File

@ -14,5 +14,5 @@ urlpatterns = patterns("spirit.views.comment",
url(r'^(?P<pk>\d+)/delete/$', 'comment_delete', name='comment-delete'),
url(r'^(?P<pk>\d+)/undelete/$', 'comment_delete', kwargs={'remove': False, }, name='comment-undelete'),
url(r'^upload/$', 'comment_image_upload', name='comment-image-upload'),
url(r'^upload/$', 'comment_image_upload_ajax', name='comment-image-upload-ajax'),
)

View File

@ -106,11 +106,11 @@ def comment_find(request, pk):
@require_POST
@login_required
def comment_image_upload(request):
def comment_image_upload_ajax(request):
if not request.is_ajax():
return Http404()
form = CommentImageForm(data=request.POST, files=request.FILES)
form = CommentImageForm(user=request.user, data=request.POST, files=request.FILES)
if form.is_valid():
image = form.save()