altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 3 Packages Projects Releases Wiki Activity
datatracker/ietf/utils/textupload.py
Henrik Levkowetz 3c82dc6184 Merged in [16922] from sasha@dashcare.nl: 
Fix #2584 - Add additional content validation for uploaded texts.
Permitted MIME types are now text/plain, text/markdown and text/x-rst.
This applies to all usages of get_cleaned_text_file_content(),
including reviews, but also other similar places where text can either
be written either into a textarea or uploaded.
 - Legacy-Id: 16930
Note: SVN reference [16922] has been migrated to Git commit fd53f98854
2019-10-26 15:42:58 +00:00

59 lines
2 KiB
Python
Raw Blame History

# Copyright The IETF Trust 2012-2019, All Rights Reserved
# -*- coding: utf-8 -*-
from __future__ import absolute_import, print_function, unicode_literals
import re
from django.conf import settings
from django.core.exceptions import ValidationError
import debug # pyflakes:ignore
def get_cleaned_text_file_content(uploaded_file):
"""Read uploaded file, try to fix up encoding to UTF-8 and
transform line endings into Unix style, then return the content as
a UTF-8 string. Errors are reported as
django.core.exceptions.ValidationError exceptions."""
if not uploaded_file:
return ""
if uploaded_file.size and uploaded_file.size > 10 * 1000 * 1000:
raise ValidationError("Text file too large (size %s)." % uploaded_file.size)
content = b"".join(uploaded_file.chunks())
# try to fixup encoding
import magic
if hasattr(magic, "open"):
m = magic.open(magic.MAGIC_MIME)
m.load()
filetype = m.buffer(content)
else:
m = magic.Magic()
m.cookie = magic.magic_open(magic.MAGIC_NONE | magic.MAGIC_MIME | magic.MAGIC_MIME_ENCODING)
magic.magic_load(m.cookie, None)
filetype = m.from_buffer(content)
if not filetype.startswith(settings.DOC_TEXT_FILE_VALID_UPLOAD_MIME_TYPES):
raise ValidationError("Uploaded file does not appear to be a text file. "
"Permitted MIME types are {}, this file is {}"
.format(', '.join(settings.DOC_TEXT_FILE_VALID_UPLOAD_MIME_TYPES), filetype))
match = re.search(r"charset=([\w-]+)", filetype)
if not match:
raise ValidationError("File has unknown encoding.")
encoding = match.group(1)
try:
content = content.decode(encoding)
except Exception as e:
raise ValidationError("Error decoding file (%s). Try submitting with UTF-8 encoding or remove non-ASCII characters." % str(e))
# turn line-endings into Unix style
content = content.replace("\r\n", "\n").replace("\r", "\n")
return content
Reference in a new issue View git blame Copy permalink