Django：如何进行可疑文件操作/复制文件 [英] Django: How to allow a Suspicious File Operation / copy a file

问题描述

我想执行 SuspiciousFileOperation ，django默认情况下不允许这样做。

I want to do a SuspiciousFileOperation which django disallows by default.

我正在编写命令（通过 manage.py importfiles 来运行，以在我自己的Django书面存储中将给定的目录结构导入真实文件系统中。

I am writing a command (to run via manage.py importfiles) to import a given directory structure on the real file system in my self written filestorage in Django.

我认为，这是我的相关代码：

I think, this is my relevant code:

def _handle_directory(self, directory_path, directory):
    for root, subFolders, files in os.walk(directory_path):
        for filename in files:
            self.cnt_files += 1
            new_file = File(directory=directory, filename=filename, file=os.path.join(root, filename),
                 uploader=self.uploader)
            new_file.save()

回溯是：

Traceback (most recent call last):
  File ".\manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "C:\Python27\lib\site-packages\django\core\management\__init__.py", line 399, in execute_from_command_line
    utility.execute()
  File "C:\Python27\lib\site-packages\django\core\management\__init__.py", line 392, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "C:\Python27\lib\site-packages\django\core\management\base.py", line 242, in run_from_argv
    self.execute(*args, **options.__dict__)
  File "C:\Python27\lib\site-packages\django\core\management\base.py", line 285, in execute
    output = self.handle(*args, **options)
  File "D:\Development\github\Palco\engine\filestorage\management\commands\importfiles.py", line 53, in handle
    self._handle_directory(args[0], root)
  File "D:\Development\github\Palco\engine\filestorage\management\commands\importfiles.py", line 63, in _handle_directory
    new_file.save()
  File "D:\Development\github\Palco\engine\filestorage\models.py", line 157, in save
    self.sha512 = hashlib.sha512(self.file.read()).hexdigest()
  File "C:\Python27\lib\site-packages\django\core\files\utils.py", line 16, in <lambda>
    read = property(lambda self: self.file.read)
  File "C:\Python27\lib\site-packages\django\db\models\fields\files.py", line 46, in _get_file
    self._file = self.storage.open(self.name, 'rb')
  File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 33, in open
    return self._open(name, mode)
  File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 160, in _open
    return File(open(self.path(name), mode))
  File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 261, in path
    raise SuspiciousFileOperation("Attempted access to '%s' denied." % name)
django.core.exceptions.SuspiciousFileOperation: Attempted access to 'D:\Temp\importme\readme.html' denied.

完整模型可在GitHub上找到。 完整命令当前在gist.github.com上可用。

如果您不想检查模型：我的文件的属性 file 类是 FileField 。

If you do not want to check the model: the attribute file of my File class is a FileField.

我认为，发生此问题是因为我只是链接到找到的文件。但是我需要复制它，是吗？如何将文件复制到文件中？

I assume, this problem happens, because I am just "linking" to the file found. But I need to copy it, huh? How can I copy the file into the file?

推荐答案

分析stacktrace的这一部分：

Analyzing this part of stacktrace:

File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 261, in path
    raise SuspiciousFileOperation("Attempted access to '%s' denied." % name)

导致标准的Django FileSystemStorage 。它期望文件位于您的 MEDIA_ROOT 之内。您的文件可以在文件系统中的任何位置，因此会发生此问题。

leads to the standard Django FileSystemStorage. It expects files to be within your MEDIA_ROOT. Your files can be anywhere in the file system, therefore this problem occurs.

您应该传递类似文件的对象，而不是 File 模型的路径。最简单的方法是使用Django File 类，该类是类似python文件的对象的包装。有关更多详细信息，请参见文件对象文档。

You should pass file-like object instead of a path to your File model. The easiest way to achieve that would be to use Django File class, which is a wrapper around python file-like objects. See File object documentation for more details.

更新：

好，我建议在此从文档中选择一条路线：

Ok, I am suggesting here a route taken from the docs:

from django.core.files import File as FileWrapper

def _handle_directory(self, directory_path, directory):
    for root, subFolders, files in os.walk(directory_path):
        for filename in files:
            self.cnt_files += 1
            new_file = File(
                 directory=directory, filename=filename,
                 file=os.path.join(root, filename),
                 uploader=self.uploader)
            with open(os.path.join(root, filename), 'r') as f:
                file_wrapper = FileWrapper(f)
                new_file = File(
                    directory=directory, filename=filename,
                    file=file_wrapper,
                    uploader=self.uploader)
                new_file.save()

如果可行，应将文件复制到您的 secure_storage 可调用对象提供的位置。

If it works it should copy the file to the location provided by your secure_storage callable.

这篇关于Django：如何进行可疑文件操作/复制文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！