summaryrefslogtreecommitdiffstats
path: root/test/modules/http1/htdocs/cgi/upload.py
blob: 632b7e96d270b08b28222b46c02ff7922e2aca78 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/usr/bin/env python3
import os
import sys
from requestparser import get_request_params


forms, files = get_request_params()

status = '200 Ok'

# Test if the file was uploaded
if 'file' in files:
    fitem = files['file']
    # strip leading path from file name to avoid directory traversal attacks
    fname = fitem.file_name
    fpath = f'{os.environ["DOCUMENT_ROOT"]}/files/{fname}'
    fitem.save_to(fpath)
    message = "The file %s was uploaded successfully" % (fname)
    print("Status: 201 Created")
    print("Content-Type: text/html")
    print("Location: %s://%s/files/%s" % (os.environ["REQUEST_SCHEME"], os.environ["HTTP_HOST"], fname))
    print("")
    print("<html><body><p>%s</p></body></html>" % (message))

elif 'remove' in forms:
    remove = forms['remove']
    try:
        fname = os.path.basename(remove)
        os.remove('./files/' + fname)
        message = 'The file "' + fname + '" was removed successfully'
    except OSError as e:
        message = 'Error removing ' + fname + ': ' + e.strerror
        status = '404 File Not Found'
    print("Status: %s" % (status))
    print("""
Content-Type: text/html

<html><body>
<p>%s</p>
</body></html>""" % (message))

else:
    message = '''\
        Upload File<form method="POST" enctype="multipart/form-data">
        <input type="file" name="file">
        <button type="submit">Upload</button></form>
        '''
    print("Status: %s" % (status))
    print("""\
Content-Type: text/html

<html><body>
<p>%s</p>
</body></html>""" % (message))