Your other option, of course, is to batch "upload" all those files
through web2py (which does renaming), save the original filenames in a
database (name-pair: original-with-spaces; web2py uploaded safe
name). Then you could "serve" these files with their apparent names,
no?
Just a thought...
On Oct 13, 4:09 pm, "Phyo Arkar" <[EMAIL PROTECTED]> wrote:
> Dear Massimo;
>
> Thanks a lot!
> yeah may b thats why, Web2py do not like spaces in file paths.
>
> Yeah Currently Directory Traversal attack can be done , Can easily download
> any file outside of web2py root lol :D.
>
> Yes i will fix too.
>
> Regards,
> Phyo.
>
> On Mon, Oct 13, 2008 at 7:27 PM, mdipierro <[EMAIL PROTECTED]> wrote:
>
> > I am not sure I understand. web2py does not like spaces in the URL.
> > There is no way around it. It is a security measure. "%20" counts as a
> > space.
>
> > You can download those files by building your own method
>
> > def mystatic():
> > file=request.vars.path
> > return
> > response.stream(os.path.join(response.folder,'static',file))
>
> > and link the as
>
> > <a href="{{=URL(r=request,f='myststic',vars=dict(path='your
> > file.html')}}'" >...</a>
>
> > Mind that you still need to validate the file for directory traversal
> > attacks .
>
> > Massimo
>
> > On Oct 13, 1:01 pm, "Phyo Arkar" <[EMAIL PROTECTED]> wrote:
> > > Dear Massimo;
>
> > > The file browser i made is working well but there is a few problem.
>
> > > When a file have a space in file name , it fails to link them.
>
> > > here is the code and result:
>
> > > How can i get it working?
>
> > > Below are the codes :
>
> > > # session.forget() ## uncomment if you do not need sessions
>
> > > def index():
> > > response.heading2='Digital Library'
> > > response.flash="Welcome to Alba Digital Library!"
> > > path = __dir_list__('/opt/web2py/applications/ealba/static/books')
> > > #path =
> > > __generate_files__('/opt/web2py/applications/ealba/static/books')
> > > response.category=path
> > > return dict(message='Book Categories')
>
> > > def browse_files():
> > > import glob,os
> > > pth = glob.glob("%s*" % request.vars.path)
> > > response.flash="Download Books Here!"
>
> > > path = []
> > > for f in pth:
> > > path.append("%s" % os.path.basename(f))
>
> > > base = []
> > > for f in pth:
> > > base.append ("%s" % f.replace(os.path.basename(f),'').replace( \
> > > "/opt/web2py/applications/ealba/static/books/",''))
> > > response.books = [base,path]
> > > response.heading2 = 'Digital Library'
>
> > > return
>
> > dict(message=request.vars.path.replace(os.path.basename(f),'').replace("/op
> > t/web2py/applications/ealba/static/books/",''))
>
> > > def __dir_list__(path):
> > > import os;
> > > if os.path.exists(path):
> > > dir=os.listdir(path)
>
> > > return dir
>
> > > _View_ : browse_files.html
>
> > > {{extend 'layout.html'}}
> > > {{try:}}{{=H3(message)}}{{except:}}{{=BEAUTIFY(response._vars)}}{{pass}}
> > > <table>
> > > <tr>
> > > {{i=0}}{{f=response.books}}
> > > {{for i in range(0,len(response.books[0])):}}
>
> > > <td class="cat" > <a href= {{="../static/books/" +
> > f[0][i]}}
> > > {{=f[1][i].replace(" " ,"%20")}} > {{=f[1][i].replace(" ","%20")}} </a>
> > > </td>
> > > <tr></tr>
> > > {{pass}}
> > > </table>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
