|
|
@@ -1,13 +1,10 @@
|
|
|
-import os
|
|
|
-
|
|
|
from flask import Blueprint, render_template, request, flash, redirect, url_for
|
|
|
from flask_login import login_required, current_user
|
|
|
from werkzeug.security import generate_password_hash, check_password_hash
|
|
|
-from werkzeug.utils import secure_filename
|
|
|
from .models import User
|
|
|
from . import db
|
|
|
|
|
|
-from . import alphagen as ag
|
|
|
+from . import clean_file as cf
|
|
|
|
|
|
dashboards = Blueprint('dashboards', __name__)
|
|
|
|
|
|
@@ -40,25 +37,12 @@ def profile():
|
|
|
@dashboards.route('/create_art', methods=['GET', 'POST'])
|
|
|
#login_required
|
|
|
def create():
|
|
|
- UPLOAD_FOLDER = 'app/static/incoming'
|
|
|
- ALLOWED_EXT = {'png', 'jpg', 'jpeg'}
|
|
|
-
|
|
|
- # Checks file for allowed extension
|
|
|
- def allowed_file(filename):
|
|
|
- return '.' in filename and \
|
|
|
- filename.rsplit('.', 1)[1].lower() in ALLOWED_EXT
|
|
|
-
|
|
|
# check POST req
|
|
|
if request.method == "POST":
|
|
|
new_art = request.files.get('art_img')
|
|
|
|
|
|
- if new_art and new_art.filename != '' and allowed_file(new_art.filename):
|
|
|
- sfn = secure_filename(new_art.filename) # strips any slashes
|
|
|
- ssfn, fx = os.path.splitext(sfn) # ensures that internal filenames are not
|
|
|
- rsfn = ag.gen_alphanum() # known to users.
|
|
|
- ffn = f'{rsfn}{fx}'
|
|
|
- new_art.save(f'{UPLOAD_FOLDER}/{ffn}')
|
|
|
-
|
|
|
+ if new_art and new_art.filename != '' and cf.allowed_file(new_art.filename):
|
|
|
+ new_art.save(f'{cf.UPLOAD_FOLDER}/{cf.sanitize(new_art.filename)}')
|
|
|
|
|
|
return render_template('create_art.html', user=current_user)
|
|
|
|
control