Thanks for the pointer! The docs are at http://docs.djangoproject.com/en/dev/ref/forms/validation/#ref-forms-validation. I had been letting Django use the default forms, and hadn't read much about forms, so I'd missed that hook. I used a clean_<fieldname>() method and it works perfectly. The only thing left is deciding which files are dangerous, so if anyone has any tips on that topic please let me know. I'm really only a novice when it comes to web programming, so I'm not familiar with the different security threats that are out there. Thanks again!
On Feb 20, 6:25 pm, Briel <toppe...@gmail.com> wrote:
> Validation is a big subject, and the validation of files can be very
> complex as well. Anyways, to validate you need to define a clean method
> in your form. Here you put the code that can test things like file
> types, and whatever you can think of using python. I can't get you the
> link as I'm not at my laptop, but if you search the django docs for
> "form validation" "clean" or "cleaned_data" you should be able to find
> the right doc. You want to read about the clean method and is_valid().
>
> On 20 Feb., 22:09, Michael Repucci <mich...@repucci.org> wrote:
>
> > I'm totally new to Django and authorized/secure web apps, and really
> > loving it for this. But I've got a few really novice questions. I've
> > got a model with a FileField, to which users can upload an arbitrary
> > file. In the model docs for the FileField it says, "Validate all
> > uploaded files." And I'm not sure where to do this or how. Is this
> > through the save_model method of the ModelAdmin class? If so, what is
> > the basic format, because not executing obj.save() didn't seem to do
> > the trick.
>
> > Also, as mentioned in the docs, I don't want to allow a user to upload
> > a PHP script or similar, and execute it by visiting the link, but I
> > would like users to be able to place any of various file types on the
> > server so that other users can download them. Is it enough to just
> > exclude files with certain extensions (e.g., PHP, CGI, etc.), and if
> > so, is there a list of all the "dangerous" file extensions somewhere?
>
> > Thanks for your help in advance!
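An added example, not part of the original thread: one way to write the check that a clean_<fieldname>() method could call, using an allowlist of extensions instead of a list of "dangerous" ones. The names `safe_upload_name`, `UploadRejected`, `ALLOWED_EXTENSIONS` and `MAX_BYTES` are hypothetical, and `UploadRejected` stands in for Django's `forms.ValidationError` so the block runs without Django installed.

```python
import os
import re

# Assumption: the file types this site agrees to host. Anything else is refused.
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".png", ".jpg", ".zip"}
MAX_BYTES = 10 * 1024 * 1024  # assumed upload size limit (10 MiB)


class UploadRejected(ValueError):
    """Stand-in for django.forms.ValidationError (keeps the example Django-free)."""


def safe_upload_name(original_name, size):
    """Return a sanitized file name for storage, or raise UploadRejected.

    Intended to be called from clean_<fieldname>() with the uploaded
    file's .name and .size attributes.
    """
    if size > MAX_BYTES:
        raise UploadRejected("file too large")
    # Drop any directory part the client sent (both separator styles).
    base = original_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Keep a conservative character set; strip leading/trailing dots so
    # dotfiles such as .htaccess lose their special name.
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).strip("._")
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if not stem or ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("file type not allowed: %r" % ext)
    # Collapse inner dots so "shell.php.jpg" cannot be read as having a
    # second extension by a web server that inspects every dotted part.
    return stem.replace(".", "_") + ext


if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for name in ("report.PDF", "shell.php", "shell.php.jpg",
                 "../../etc/passwd", ".htaccess"):
        try:
            print(name, "->", safe_upload_name(name, 1024))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

A name check like this complements, but does not replace, storing uploads somewhere the web server will only serve them as static downloads and never execute them.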