« back to all changes in this revision
Viewing changes to pybb/util.py
- browse files at revision 544.3.3
- compare with another revision
- download diff
- download tarball
- view history from revision 544.3.3
- Committer: kaputtnik
- Date: 2019-08-11 12:01:32 UTC
- mto: (544.2.15 pybb_attachments)
- mto: This revision was merged to the branch mainline in revision 549.
- Revision ID: kaputtnik-20190811120132-vrkrgrqn77ijih38
added a check for wai files, they need special treatment; create a link to a wikiarticle
added
removed
pybb/util.py
18
18
from pybb import settings as pybb_settings
19
19
import magic
20
20
import zipfile
21
import configparser
21
22
from PIL import Image
22
23
23
24
188
189
def _split_mime(mime_type):
189
190
main, sub = mime_type.split('/', maxsplit=1)
190
191
return {'maintype': main, 'subtype': sub}
191
192
192
193
def _is_image():
193
194
# Use PIL to determine if it is a valid image file
194
195
# works not for corrupted jpg
199
200
return False
200
201
return True
201
202
202
def _values_even(value1, value2):
203
return value1 == value2
204
205
203
def _is_zip():
206
204
try:
207
205
zip_obj = zipfile.ZipFile(tmp_file_path)
208
206
except zipfile.BadZipfile:
209
207
return None
210
208
return zip_obj
211
209
212
210
def _zip_contains(zip_parts):
213
211
# Check if each entry in zip_parts is inside the attachment
214
212
zip_obj = _is_zip()
230
228
'size': pybb_settings.ATTACHMENT_SIZE_LIMIT/1024/1024,
231
229
}
232
230
)
231
233
232
# Checks by file extension
234
ext = attachment.name.rpartition('.')
235
if ext[0] == '':
233
splitted_fn = attachment.name.rsplit('.', maxsplit=2)
234
print("Franku ext: ", splitted_fn)
235
if len(splitted_fn) == 1:
236
236
# Not sure if we need this
237
237
raise ValidationError(
238
238
'We do not allow uploading files without an extension.'
239
239
)
240
240
241
ext = ext[2]
241
ext = splitted_fn[-1]
242
242
if not ext in settings.ALLOWED_EXTENSIONS:
243
243
raise ValidationError(
244
244
'This type of file is not allowed.'
245
245
)
246
elif ext == 'wmf':
246
247
# Widelands map file
248
if ext == 'wmf':
247
249
raise ValidationError(
248
250
'This seems to be a widelands map file. Please upload \
249
251
it at our maps section.'
250
252
)
251
elif ext == 'wgf':
253
254
# Widelands savegame (*.wgf) and widelands replay (*.wrpl.wgf)
255
# are not the same.
256
if ext == 'wgf' and not splitted_fn[-2] == 'wrpl':
252
257
if not _zip_contains(['/binary/', '/map/', '/minimap.png', '/preload']):
253
258
raise ValidationError(
254
259
'This is not a valid widelands savegame.'
255
260
)
256
elif ext == 'zip':
261
262
# Widelands replay
263
if ext == 'wrpl':
264
raise ValidationError(
265
'This file is part of a replay. Please zip it together with \
266
the corresponding .wrpl.wgf file and upload again.'
267
)
268
269
if ext == 'zip':
257
270
if _is_zip():
258
271
raise ValidationError(
259
272
'This is not a valid zip file.'
260
273
)
261
274
275
if ext == 'wai':
276
wai = configparser.ConfigParser()
277
try:
278
wai.read(tmp_file_path)
279
wai_sections = wai.sections()
280
if len(settings.ALLOWED_WAI_SECTIONS) == len(wai_sections):
281
for section in settings.ALLOWED_WAI_SECTIONS:
282
if section not in wai_sections:
283
raise
284
else:
285
raise
286
except:
287
raise ValidationError(
288
'This not a valid wai file.'
289
)
290
262
291
# Checks by MimeType
263
292
# Get MIME-Type from python-magic
264
293
magic_mime = magic.from_file(tmp_file_path, mime=True)
265
294
magic_mime = _split_mime(magic_mime)
266
295
send_mime = _split_mime(attachment.content_type)
267
296
297
# Check for valid image file. Use te mime-type provided by python-magic,
298
# because for a renamed image the wrong mime-type is send by the browser.
299
if magic_mime['maintype'] == 'image':
300
if not _is_image():
301
raise ValidationError(
302
'This is not a valid image: %(file)s',
303
params={'file': attachment.name}
304
)
305
268
306
# Compare Mime type send by browser and Mime type from python-magic.
269
307
# We only compare the main type (the first part) because the second
270
308
# part may not be recoginzed correctly. E.g. for .lua the submitted
271
309
# type is 'text/x-lua' but 'x-lua' is not official at all. See:
272
310
# https://www.iana.org/assignments/media-types/media-types.xhtml
273
if not _values_even(magic_mime['maintype'], send_mime['maintype']):
274
raise ValidationError(
275
'The file %(file)s looks like %(send_mime)s, \
276
but we think it is %(magic_mime)s',
277
params={
278
'file': attachment.name,
279
'send_mime': send_mime['maintype'],
280
'magic_mime': magic_mime['maintype'],
281
},
282
)
283
# Check for valid image file. Use te Mime-Type provided by python-magic!
284
if magic_mime['maintype'] == 'image':
285
if not _is_image():
311
# Unrecoginzed extension are always send with mime type
312
# 'application/octet-stream'. Skip if we know them.
313
if not ext in settings.SKIP_MIME_EXTENSIONS:
314
if not magic_mime['maintype'] == send_mime['maintype']:
286
315
raise ValidationError(
287
'This is not a valid image: %(file)s',
288
params={'file': attachment.name}
316
'The file %(file)s looks like %(send_mime)s, \
317
but we think it is %(magic_mime)s',
318
params={
319
'file': attachment.name,
320
'send_mime': send_mime['maintype'],
321
'magic_mime': magic_mime['maintype'],
322
},
289
323
)
Loggerhead is a web-based interface for Breezy
Version: 2.0.1