mirror of
https://github.com/janeczku/calibre-web
synced 2025-10-24 11:57:40 +00:00
limit the extensions of uploading files
This commit is contained in:
@@ -52,6 +52,7 @@ from cgi import escape
|
|||||||
|
|
||||||
# Global variables
|
# Global variables
|
||||||
global_task = None
|
global_task = None
|
||||||
|
ALLOWED_EXTENSIONS = set(['txt', 'pdf', 'epub', 'mobi', 'azw', 'azw3', 'cbr', 'cbz', 'cbt', 'djvu', 'prc', 'doc', 'docx'])
|
||||||
|
|
||||||
|
|
||||||
# Proxy Helper class
|
# Proxy Helper class
|
||||||
@@ -2115,6 +2116,13 @@ def upload():
|
|||||||
db.session.connection().connection.connection.create_function('uuid4', 0, lambda: str(uuid4()))
|
db.session.connection().connection.connection.create_function('uuid4', 0, lambda: str(uuid4()))
|
||||||
if request.method == 'POST' and 'btn-upload' in request.files:
|
if request.method == 'POST' and 'btn-upload' in request.files:
|
||||||
file = request.files['btn-upload']
|
file = request.files['btn-upload']
|
||||||
|
if not ('.' in file.filename and file.filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS):
|
||||||
|
flash(
|
||||||
|
_('File extension "%s" is not allowed to be uploaded to this server' %
|
||||||
|
file.filename.rsplit('.', 1)[1].lower()),
|
||||||
|
category="error"
|
||||||
|
)
|
||||||
|
return redirect(url_for('index'))
|
||||||
meta = uploader.upload(file)
|
meta = uploader.upload(file)
|
||||||
|
|
||||||
title = meta.title
|
title = meta.title
|
||||||
|
Reference in New Issue
Block a user