Fix file extension limiter issue, and establish defaults system

Scot Hacker 2019-04-11 22:09:41 -07:00
parent edff438623
commit 7fe0728716
2 changed files with 18 additions and 19 deletions

14
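--- a/todo/defaults.py
+++ b/todo/defaults.py
@@ -0,0 +1,14 @@
+# If a documented django-todo option is NOT configured in settings, use these values.
+from django.conf import settings
+TODO_ALLOW_FILE_ATTACHMENTS = (
+settings.TODO_ALLOW_FILE_ATTACHMENTS
+if hasattr(settings, "TODO_ALLOW_FILE_ATTACHMENTS")
+else True
+)
+TODO_LIMIT_FILE_ATTACHMENTS = (
+settings.TODO_LIMIT_FILE_ATTACHMENTS
+if hasattr(settings, "TODO_LIMIT_FILE_ATTACHMENTS")
+else [".jpg", ".gif", ".png", ".csv", ".pdf", ".zip"]
+)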
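Review bot: `TODO_LIMIT_FILE_ATTACHMENTS` is taken from settings verbatim, so nothing in this module guarantees that it is a list of lower-case dotted extensions. If a project sets it to a single string such as ".pdf" (a constructed example), the `extension not in TODO_LIMIT_FILE_ATTACHMENTS` test in the view becomes a substring test, which a file name with no extension (empty string) also passes. I would normalise once here, e.g. `TODO_LIMIT_FILE_ATTACHMENTS = tuple(ext.lower() for ext in getattr(settings, "TODO_LIMIT_FILE_ATTACHMENTS", [".jpg", ".gif", ".png", ".csv", ".pdf", ".zip"]))`, and raise `ImproperlyConfigured` when the setting is a `str`. Both names are also resolved at import time, so a later `override_settings` in a test will not change them; a one-line comment saying so would help.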


@ -11,6 +11,7 @@ from django.http import HttpResponse
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse from django.urls import reverse
from todo.defaults import TODO_ALLOW_FILE_ATTACHMENTS, TODO_LIMIT_FILE_ATTACHMENTS
from todo.features import HAS_TASK_MERGE from todo.features import HAS_TASK_MERGE
from todo.forms import AddEditTaskForm from todo.forms import AddEditTaskForm
from todo.models import Attachment, Comment, Task from todo.models import Attachment, Comment, Task
@ -119,16 +120,9 @@ def task_detail(request, task_id: int) -> HttpResponse:
# Handle uploaded files # Handle uploaded files
if request.FILES.get("attachment_file_input"): if request.FILES.get("attachment_file_input"):
file = request.FILES.get("attachment_file_input") file = request.FILES.get("attachment_file_input")
# Validate inbound file extension against allowed filetypes
# FIXME: Move defaults to centralized module
allowed_extensions = (
settings.TODO_ALLOWED_FILE_ATTACHMENTS
if hasattr(settings, "TODO_ALLOWED_FILE_ATTACHMENTS")
else [".jpg", ".gif", ".csv", ".pdf", ".zip"]
)
name, extension = os.path.splitext(file.name) name, extension = os.path.splitext(file.name)
if extension not in allowed_extensions:
if extension not in TODO_LIMIT_FILE_ATTACHMENTS:
messages.error(request, f"This site does not allow upload of {extension} files.") messages.error(request, f"This site does not allow upload of {extension} files.")
return redirect("todo:task_detail", task_id=task.id) return redirect("todo:task_detail", task_id=task.id)
@ -137,15 +131,6 @@ def task_detail(request, task_id: int) -> HttpResponse:
) )
return redirect("todo:task_detail", task_id=task.id) return redirect("todo:task_detail", task_id=task.id)
# Settings for file attachments defaults to True
# FIXME: Move settings defaults to a central location?
attachments_enabled = True
if (
hasattr(settings, "TODO_ALLOW_FILE_ATTACHMENTS")
and not settings.TODO_ALLOW_FILE_ATTACHMENTS
):
attachments_enabled = False
context = { context = {
"task": task, "task": task,
"comment_list": comment_list, "comment_list": comment_list,
@ -153,7 +138,7 @@ def task_detail(request, task_id: int) -> HttpResponse:
"merge_form": merge_form, "merge_form": merge_form,
"thedate": thedate, "thedate": thedate,
"comment_classes": getattr(settings, "TODO_COMMENT_CLASSES", []), "comment_classes": getattr(settings, "TODO_COMMENT_CLASSES", []),
"attachments_enabled": attachments_enabled, "attachments_enabled": TODO_ALLOW_FILE_ATTACHMENTS,
} }
return render(request, "todo/task_detail.html", context) return render(request, "todo/task_detail.html", context)
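Review bot: `TODO_ALLOW_FILE_ATTACHMENTS` is only passed to the template as `attachments_enabled`; the upload branch `if request.FILES.get("attachment_file_input"):` does not consult it in the lines shown, so a POST carrying a file would apparently still be accepted when attachments are switched off. I would gate the branch on the flag, `if TODO_ALLOW_FILE_ATTACHMENTS and request.FILES.get("attachment_file_input"):`, or answer such a request with an error message. The extension test is also case-sensitive and looks only at the client-supplied file name, so comparing `extension.lower()` is worth doing, with the understanding that it limits names and not file content. task_detail starts and ends outside these hunks, so an earlier check may exist that is not visible here.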