From f7d91b59292f8c38a56fef1c06daf7f462830729 Mon Sep 17 00:00:00 2001 From: Philip Sargent Date: Thu, 2 Feb 2023 22:02:16 +0000 Subject: [PATCH] todo updates --- core/views/uploads.py | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/core/views/uploads.py b/core/views/uploads.py index d6aaf8d..a22da16 100644 --- a/core/views/uploads.py +++ b/core/views/uploads.py @@ -10,27 +10,25 @@ from troggle.core.models.survex import DrawingFile # from databaseReset import reinit_db # don't do this. databaseRest runs code *at import time* -# from troggle import settings - from .auth import login_required_if_public -# from django.views.decorators.csrf import ensure_csrf_cookie, csrf_exempt - """File upload 'views' """ todo = """ -- Register freshly uploaded filenames in the Django db without needing to wait for a reset & bulk file import - -- Need to validate uploaded file as being a valid file type, not a dubious script or hack +- Ideally we should validate uploaded file as being a valid file type, not a dubious script or hack + Validate image files using a magic recogniser in walletedit() + https://pypi.org/project/reportlab/ or + https://stackoverflow.com/questions/889333/how-to-check-if-a-file-is-a-valid-image-file - Write equivalent GPX upload form system, similar to walletedit() but in expofiles/gpslogs/ Need to validate it as being a valid GPX file using an XML parser, not a dubious script or hack -- Validate Tunnel & Therion files using an XML parser in dwgupload(). Though Julian says tunnel is only mostly correct XML - -- Validate image files using a magic recogniser in walletedit() https://pypi.org/project/reportlab/ or - https://stackoverflow.com/questions/889333/how-to-check-if-a-file-is-a-valid-image-file +- Validate Tunnel & Therion files using an XML parser in dwgupload(). Though Julian says + tunnel is only mostly correct XML + +- parse the uploaded drawing file for links to wallets and scan files as done + in parsers/drawings.py - Enable folder creation in dwguploads or as a separate form """ @@ -190,7 +188,6 @@ def dwgupload(request, folder=None, gitdisable="no"): We could validate the uploaded files as being a valid files using an XML parser, not a dubious script or hack - We use get_or_create instead of simply creating a new object in case someone uploads the same file several times in one session, and expects them to be overwritten in the database. Although the actual file will be duplicated in the filesystem with different random name ending.