tags:

views:

309

answers:

1
Q: 

Django FILES upload: path and filename

When an uploaded file is received by the Django server, its name can be read using UploadedFile.name

If filename in the multipart-data content contains a path like: '/a/b/c', UploadedFile.name seems to contain '/c' . How can I retrieve the full path and not just the file name.

Thanks.

Laurent Luce

+6  A: 

You can't. Many browsers won't ever send the whole path, as a security measure to prevent information leakage.

What's more you know nothing about the file and path naming conventions in force on the user's computer, so there is little you can do with the submitted name. Don't do anything that relies on a submitted filename.

bobince  2010-01-03 01:10:01
+1: This is an extension of the rule: don't trust *anything* the user sends you. UN*X has a command called `file` which will give you a good idea of what you actually have; I believe there is an API for it. If you're accepting all sorts of random upload stuff you might want to look into 'typing' the file yourself and not depending on the extension.
Peter Rowell  2010-01-03 03:04:44

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django