Django:如何进行可疑文件操作/复制文件 [英] Django: How to allow a Suspicious File Operation / copy a file
问题描述
我想执行 SuspiciousFileOperation
,django默认情况下不允许这样做。
I want to do a SuspiciousFileOperation
which django disallows by default.
我正在编写命令(通过 manage.py importfiles
来运行,以在我自己的Django书面存储中将给定的目录结构导入真实文件系统中。
I am writing a command (to run via manage.py importfiles
) to import a given directory structure on the real file system in my self written filestorage in Django.
我认为,这是我的相关代码:
I think, this is my relevant code:
def _handle_directory(self, directory_path, directory):
for root, subFolders, files in os.walk(directory_path):
for filename in files:
self.cnt_files += 1
new_file = File(directory=directory, filename=filename, file=os.path.join(root, filename),
uploader=self.uploader)
new_file.save()
回溯是:
Traceback (most recent call last):
File ".\manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "C:\Python27\lib\site-packages\django\core\management\__init__.py", line 399, in execute_from_command_line
utility.execute()
File "C:\Python27\lib\site-packages\django\core\management\__init__.py", line 392, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "C:\Python27\lib\site-packages\django\core\management\base.py", line 242, in run_from_argv
self.execute(*args, **options.__dict__)
File "C:\Python27\lib\site-packages\django\core\management\base.py", line 285, in execute
output = self.handle(*args, **options)
File "D:\Development\github\Palco\engine\filestorage\management\commands\importfiles.py", line 53, in handle
self._handle_directory(args[0], root)
File "D:\Development\github\Palco\engine\filestorage\management\commands\importfiles.py", line 63, in _handle_directory
new_file.save()
File "D:\Development\github\Palco\engine\filestorage\models.py", line 157, in save
self.sha512 = hashlib.sha512(self.file.read()).hexdigest()
File "C:\Python27\lib\site-packages\django\core\files\utils.py", line 16, in <lambda>
read = property(lambda self: self.file.read)
File "C:\Python27\lib\site-packages\django\db\models\fields\files.py", line 46, in _get_file
self._file = self.storage.open(self.name, 'rb')
File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 33, in open
return self._open(name, mode)
File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 160, in _open
return File(open(self.path(name), mode))
File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 261, in path
raise SuspiciousFileOperation("Attempted access to '%s' denied." % name)
django.core.exceptions.SuspiciousFileOperation: Attempted access to 'D:\Temp\importme\readme.html' denied.
完整模型可在GitHub上找到。 完整命令当前在gist.github.com上可用。
如果您不想检查模型:我的文件的属性
类是 FileField 。 file
If you do not want to check the model: the attribute file
of my File
class is a FileField.
我认为,发生此问题是因为我只是链接到找到的文件。但是我需要复制它,是吗?如何将文件复制到文件中?
I assume, this problem happens, because I am just "linking" to the file found. But I need to copy it, huh? How can I copy the file into the file?
推荐答案
分析stacktrace的这一部分:
Analyzing this part of stacktrace:
File "C:\Python27\lib\site-packages\django\core\files\storage.py", line 261, in path
raise SuspiciousFileOperation("Attempted access to '%s' denied." % name)
导致标准的Django FileSystemStorage
。它期望文件位于您的 MEDIA_ROOT
之内。您的文件可以在文件系统中的任何位置,因此会发生此问题。
leads to the standard Django FileSystemStorage
. It expects files to be within your MEDIA_ROOT
. Your files can be anywhere in the file system, therefore this problem occurs.
您应该传递类似文件的对象,而不是 File
模型的路径。最简单的方法是使用Django File
类,该类是类似python文件的对象的包装。有关更多详细信息,请参见文件对象文档。
You should pass file-like object instead of a path to your File
model. The easiest way to achieve that would be to use Django File
class, which is a wrapper around python file-like objects. See File object documentation for more details.
更新:
好,我建议在此从文档中选择一条路线:
Ok, I am suggesting here a route taken from the docs:
from django.core.files import File as FileWrapper
def _handle_directory(self, directory_path, directory):
for root, subFolders, files in os.walk(directory_path):
for filename in files:
self.cnt_files += 1
new_file = File(
directory=directory, filename=filename,
file=os.path.join(root, filename),
uploader=self.uploader)
with open(os.path.join(root, filename), 'r') as f:
file_wrapper = FileWrapper(f)
new_file = File(
directory=directory, filename=filename,
file=file_wrapper,
uploader=self.uploader)
new_file.save()
如果可行,应将文件复制到您的 secure_storage
可调用对象提供的位置。
If it works it should copy the file to the location provided by your secure_storage
callable.
这篇关于Django:如何进行可疑文件操作/复制文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!