upload file from filename
From a Python Script, given a string which is a filename on the local filesystem, say,
thisFile = 'C:\\ProgramFiles\\SomeDir\\somefile.dat' How can I upload this to the zope filesystem? I naively tried: folder.manage_addFile(id='somefile.dat', file=thisFile ) But of course this created a file somefile.dat with contents 'somefile.dat' because the 'file' argument contains the content, not the name, of the file. Any suggestions? Thanks, John Hunter
You really need to send in the "filename" as the value of a browser "<input type=file>" form element. In short, the file name is not enough info ... the form element passes in a file handle as well, allowing the upload. Ziniti John Hunter wrote:
From a Python Script, given a string which is a filename on the local filesystem, say,
thisFile = 'C:\\ProgramFiles\\SomeDir\\somefile.dat'
How can I upload this to the zope filesystem?
I naively tried:
folder.manage_addFile(id='somefile.dat', file=thisFile )
But of course this created a file somefile.dat with contents 'somefile.dat' because the 'file' argument contains the content, not the name, of the file.
Any suggestions? Thanks, John Hunter
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
"John" == John Ziniti <jziniti@speakeasy.org> writes:
John> You really need to send in the "filename" as the value of a John> browser "<input type=file>" form element. In short, the John> file name is not enough info ... the form element passes in John> a file handle as well, allowing the upload. Yes, I've been reading some of the HTTPRequest source code to try and figure out how this is done, but no luck yet. If anyone knows how to construct this object from a filename/path etc so that it could be used with manage_addFile, I would be much obliged. Thanks, John Hunter
John Hunter wrote:
"John" == John Ziniti <jziniti@speakeasy.org> writes:
John> You really need to send in the "filename" as the value of a John> browser "<input type=file>" form element. In short, the John> file name is not enough info ... the form element passes in John> a file handle as well, allowing the upload.
Yes, I've been reading some of the HTTPRequest source code to try and figure out how this is done, but no luck yet. If anyone knows how to construct this object from a filename/path etc so that it could be used with manage_addFile, I would be much obliged.
Hmmm ... this is non-trivial. I must admit that I have never tried to send stuff this way, But I have looked over the spec for parsing it at the server side, and though it is really not *that* difficult, it is not too easy either. There are 3 ways to send data to a webserver: urlencoded (method="get"), "application/x-www-form-encoded" (method="post") and multipart/form-data (enctype="multipart/form-data" method="post"). It is the latter that is of interrest to you. As far as I can tell it is a form of mime data. So the Mime module is probably where you should look for a solution. Then you will need to do a "post", probably with some special headers and the content of the form as a mime message. I don't believe that you can use the standard urllib or even urllib2 as they only handle data of the "application/x-www-form-encoded " and "urlencoded" type. Hopes it gives a push in the right direction. regards Max M
I think the main problem with what you are proposing is that it is the *browser* that needs to know that it is uploading the file. I don't think the server does anything special. The client just says "OK, I'm sending you a file", and the server receives it. In your instance, the client is saying, "Here's some text", and you'd like the server to be able to request a file on the client's computer??? I think it's impossible. It's definitely insecure. I think you need to find another way to do it. John Hunter wrote:
"John" == John Ziniti <jziniti@speakeasy.org> writes:
John> You really need to send in the "filename" as the value of a John> browser "<input type=file>" form element. In short, the John> file name is not enough info ... the form element passes in John> a file handle as well, allowing the upload.
Yes, I've been reading some of the HTTPRequest source code to try and figure out how this is done, but no luck yet. If anyone knows how to construct this object from a filename/path etc so that it could be used with manage_addFile, I would be much obliged.
Thanks, John Hunter
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
"John" == John Ziniti <jziniti@speakeasy.org> writes:
John> In your instance, the client is saying, "Here's some text", John> and you'd like the server to be able to request a file on John> the client's computer??? John> I think it's impossible. It's definitely insecure. Oh yes, now I see the problem. I have a series of files, file1, file2 file3,..., filen and I wanted the user to be able to give the start and end numbers and zope would iterate over the list and upload them. From your security comments, I see why this kind of thing is not possible. Back to the archives .... Thanks for your input, John Hunter
[John Hunter]" <jdhunter@ace.bsd.uchicago.edu>
"John" == John Ziniti <jziniti@speakeasy.org> writes:
John> In your instance, the client is saying, "Here's some text", John> and you'd like the server to be able to request a file on John> the client's computer???
John> I think it's impossible. It's definitely insecure.
Oh yes, now I see the problem. I have a series of files, file1, file2 file3,..., filen and I wanted the user to be able to give the start and end numbers and zope would iterate over the list and upload them. From your security comments, I see why this kind of thing is not possible.
If you want to have a user using a browser to do this, it can't be done directly because javascript is not allowed to set the value of a file upload input element, for security reasons. The user has to type the file's path by hand, that's the only way the filename can get into the system. It isn't Zope that uploads them, it's the browser. Cheers, Tom P
"Thomas" == Thomas B Passin <tpassin@mitretek.org> writes:
Thomas> If you want to have a user using a browser to do this, it Thomas> can't be done directly because javascript is not allowed Thomas> to set the value of a file upload input element, for Thomas> security reasons. The user has to type the file's path by Thomas> hand, that's the only way the filename can get into the Thomas> system. Yes I experimented with this. First I created a form which got the names of the start file (eg, file1.dat) and end file (eg, file100.dat) and the dir name, and passed these to a DTML method that created a form with default values for all files in between <dtml-let files="get_file_list_extern(file_begin.filename,file_end.filename)"> <form action="addedMultipleFiles" method="post" enctype="multipart/form-data"> <dtml-in files> <table> <tr><th align="right">File #<dtml-var sequence-index></th> <td><INPUT TYPE="file" NAME="file<dtml-var sequence-index>" VALUE="<dtml-var expr=REQUEST.get('dir')><dtml-var sequence-item>" WIDTH=100></td></tr> </dtml-in> </table> <input type="SUBMIT" name="SUBMIT" value="Submit EEG"> </dtml-let> But as you say, this doesn't work because defaults values aren't allowed for file input types. Interestingly, this approach does work with opera, which allows the use of default values but warns you when you submit and you have to confirm each file separately. But it didn't work with Mozilla or IE. Damn! I may end up having to go with a zip file after all. I'm very limited in what I can do to the client side machines, from which the users will upload the data, because I don't admin them. I can just cross my fingers and hope they have winzip installed... Thanks for your input, John Hunter
Unfortunately, the only solution I've found that works well for me is to tell my users they have to create a ZIP/TarGZ archive of the files they want to upload, and then upload *that*. Then I can use Python to extract the files. John Hunter wrote:
"John" == John Ziniti <jziniti@speakeasy.org> writes:
John> In your instance, the client is saying, "Here's some text", John> and you'd like the server to be able to request a file on John> the client's computer???
John> I think it's impossible. It's definitely insecure.
Oh yes, now I see the problem. I have a series of files, file1, file2 file3,..., filen and I wanted the user to be able to give the start and end numbers and zope would iterate over the list and upload them. From your security comments, I see why this kind of thing is not possible.
Back to the archives ....
Thanks for your input, John Hunter
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[John Hunter]
From a Python Script, given a string which is a filename on the local filesystem, say,
thisFile = 'C:\\ProgramFiles\\SomeDir\\somefile.dat'
How can I upload this to the zope filesystem?
I naively tried:
folder.manage_addFile(id='somefile.dat', file=thisFile )
But of course this created a file somefile.dat with contents 'somefile.dat' because the 'file' argument contains the content, not the name, of the file.
I don't think you can do this because of security restrictions on scripts. You can do it easily with some help from an external method, though, because the external method can get the file's data for you. On the other hand, you might want to add some thoughtful checking to provide some security about what files are allowed to be uploaded. Of course, that only gets you files that the server computer can access, but it sounds like that is what you want. Cheers, Tom P
participants (4)
-
John Hunter -
John Ziniti -
Max M -
Thomas B. Passin