from taskManager.misc import store_uploaded_file
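def upload(request, project_id):
    """Handle a file upload for one project.

    On a POST with a valid ``ProjectFileForm`` the file is written to disk by
    ``store_uploaded_file`` and a row is inserted into ``taskManager_file``
    with a parameterized query, after which the caller is redirected to the
    project page.  On GET, or when the form does not validate, an empty form
    is rendered instead.

    Args:
        request: The incoming HTTP request (``method``, ``POST``, ``FILES``).
        project_id: The project's primary key as captured from the URL; it is
            concatenated into the redirect URL, so it is expected to be a str.

    Returns:
        A redirect response after a successful upload, otherwise the rendered
        ``taskManager/upload.html`` page.

    Raises:
        Project.DoesNotExist: if no project with ``project_id`` exists; the
            lookup is deliberately left unguarded so an unknown id does not
            silently create a dangling file row.
    """
    if request.method == 'POST':
        # Resolve the project first: this both validates that the id refers to
        # a real row and yields a typed primary key for the INSERT below.
        proj = Project.objects.get(pk=project_id)
        form = ProjectFileForm(request.POST, request.FILES)
        if form.is_valid():
            # NOTE(review): ``name`` is read from the raw POST data rather than
            # ``form.cleaned_data`` -- confirm the form validates this field.
            name = request.POST.get('name', False)
            upload_path = store_uploaded_file(name, request.FILES['file'])
            # Values are bound as query parameters instead of being formatted
            # into the SQL text: ``name`` comes straight from the request and
            # ``upload_path`` is derived from it, so neither may be trusted to
            # be free of quote characters.
            curs = connection.cursor()
            curs.execute(
                "insert into taskManager_file ('name','path','project_id') "
                "values (%s,%s,%s)",
                [name, upload_path, proj.pk])
            return redirect('/taskManager/' + project_id +
                            '/', {'new_file_added': True})
        else:
            form = ProjectFileForm()
    else:
        form = ProjectFileForm()
    return render_to_response(
        'taskManager/upload.html', {'form': form}, RequestContext(request))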