To be clear. We are not talking about Field('...','upload') type of files.
It appears these are static files you uploaded via admin, therefore they
are in static/. Files uploaded via forms, go where where you configure them
to go, generally in uploads/ and access can be restricted using auth.
Field('junk','upload',uploadfolder='whereyoulike',authorization=function
record: return True or False))
On Friday, 18 December 2015 02:36:37 UTC-6, Adrien wrote:
>
> Oh ok thanks Anthony, i used that :
> <a href="{{=URL('static', 'generalfix/clep.pdf'}}" download="clep.pdf">
> clep</a><br/>
> I didn't know i have to use the static folder to upload files, thx you :)
>
> Le jeudi 17 décembre 2015 16:58:05 UTC+1, Anthony a écrit :
>>
>> On Thursday, December 17, 2015 at 9:34:33 AM UTC-5, Adrien wrote:
>>>
>>> Hi everyone,
>>>
>>> I'm trying to create a link to download files, but it doesn't work .. It
>>> redirect me like a simple link.
>>>
>>> This is what i'm using :
>>>
>>> This file is default/index.html
>>> <a href="../uploads/clep.pdf" download="clep.pdf">clep</a><br/>
>>>
>>
>> The only files web2py will serve directly via the file path are those in
>> the /static folder, and even then, you would not specify an OS file path
>> (including a ../) as the href -- you would instead generate a web2py URL
>> with "static" as the controller (e.g., URL('static', 'uploads/clep.pdf')
>> ).
>>
>> For files uploaded via a DAL upload field, you should use the
>> response.download() method. The scaffolding app includes a download()
>> function in the default.py controller that uses this method.
>>
>> In your case, it looks like you have manually put the clep.pdf file in
>> the /uploads folder, as it hasn't been renamed as it would be if uploaded
>> via a DAL upload field. To return such a file, you would instead have to
>> use response.stream(). To prevent a directory traversal attack, you would
>> probably also want to add a signature to the URL and add the
>> @auth.requires_signature() decorator to your download function (this will
>> prevent a malicious user from specifying any arbitrary file in the request
>> URL, as the signature will be associated with the particular file in the
>> link you create).
>>
>> Note, if the clep.pdf file is intended to be available to the public,
>> just put it in the /static folder.
>>
>> Anthony
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
