|
|
|
@ -33,11 +33,7 @@ bootstrapping code for our application:: |
|
|
|
So first we need a couple of imports. Most should be straightforward, the |
|
|
|
So first we need a couple of imports. Most should be straightforward, the |
|
|
|
:func:`werkzeug.secure_filename` is explained a little bit later. The |
|
|
|
:func:`werkzeug.secure_filename` is explained a little bit later. The |
|
|
|
``UPLOAD_FOLDER`` is where we will store the uploaded files and the |
|
|
|
``UPLOAD_FOLDER`` is where we will store the uploaded files and the |
|
|
|
``ALLOWED_EXTENSIONS`` is the set of allowed file extensions. Then we add a |
|
|
|
``ALLOWED_EXTENSIONS`` is the set of allowed file extensions. |
|
|
|
URL rule by hand to the application. Now usually we're not doing that, so |
|
|
|
|
|
|
|
why here? The reasons is that we want the webserver (or our development |
|
|
|
|
|
|
|
server) to serve these files for us and so we only need a rule to generate |
|
|
|
|
|
|
|
the URL to these files. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Why do we limit the extensions that are allowed? You probably don't want |
|
|
|
Why do we limit the extensions that are allowed? You probably don't want |
|
|
|
your users to be able to upload everything there if the server is directly |
|
|
|
your users to be able to upload everything there if the server is directly |
|
|
|
@ -108,8 +104,11 @@ before storing it directly on the filesystem. |
|
|
|
>>> secure_filename('../../../../home/username/.bashrc') |
|
|
|
>>> secure_filename('../../../../home/username/.bashrc') |
|
|
|
'home_username_.bashrc' |
|
|
|
'home_username_.bashrc' |
|
|
|
|
|
|
|
|
|
|
|
Now one last thing is missing: the serving of the uploaded files. As of |
|
|
|
Now one last thing is missing: the serving of the uploaded files. In the |
|
|
|
Flask 0.5 we can use a function that does that for us:: |
|
|
|
:func:`upload_file()` we redirect the user to |
|
|
|
|
|
|
|
``url_for('uploaded_file', filename=filename)``, that is, ``/uploads/filename``. |
|
|
|
|
|
|
|
So we write the :func:`uploaded_file` function to return the file of that name. As |
|
|
|
|
|
|
|
of Flask 0.5 we can use a function that does that for us:: |
|
|
|
|
|
|
|
|
|
|
|
from flask import send_from_directory |
|
|
|
from flask import send_from_directory |
|
|
|
|
|
|
|
|
|
|
|
@ -169,14 +168,11 @@ client asks the server every 5 seconds how much it has transmitted |
|
|
|
already. Do you realize the irony? The client is asking for something it |
|
|
|
already. Do you realize the irony? The client is asking for something it |
|
|
|
should already know. |
|
|
|
should already know. |
|
|
|
|
|
|
|
|
|
|
|
Now there are better solutions to that work faster and more reliable. The |
|
|
|
Now there are better solutions that work faster and are more reliable. There |
|
|
|
web changed a lot lately and you can use HTML5, Java, Silverlight or Flash |
|
|
|
are JavaScript libraries like jQuery (http://jQuery.com) that have form plugins |
|
|
|
to get a nicer uploading experience on the client side. Look at the |
|
|
|
to ease the construction of progress bar. Another great option is dropzone.js |
|
|
|
following libraries for some nice examples how to do that: |
|
|
|
(http://www.dropzonejs.com) that allows users to drag and drop files on to the |
|
|
|
|
|
|
|
page. |
|
|
|
- `Plupload <http://www.plupload.com/>`_ - HTML5, Java, Flash |
|
|
|
|
|
|
|
- `SWFUpload <http://www.swfupload.org/>`_ - Flash |
|
|
|
|
|
|
|
- `JumpLoader <http://jumploader.com/>`_ - Java |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
An Easier Solution |
|
|
|
An Easier Solution |
|
|
|
|
Markus Unterwaditzer
10 years ago