From 000d9620c19344265120f7cc155109cfc9641c56 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Tue, 13 Mar 2018 05:50:26 -0700 Subject: [PATCH] Add flash messages to receive template, and begin implementing upload POST --- onionshare/web.py | 24 +++++++++++++++++++++--- share/static/css/style.css | 12 ++++++++++++ share/templates/receive.html | 12 +++++++++++- 3 files changed, 44 insertions(+), 4 deletions(-) diff --git a/onionshare/web.py b/onionshare/web.py index b6739bcb..0027bf0f 100644 --- a/onionshare/web.py +++ b/onionshare/web.py @@ -31,9 +31,10 @@ from distutils.version import LooseVersion as Version from urllib.request import urlopen from flask import ( - Flask, Response, request, render_template, abort, make_response, - __version__ as flask_version + Flask, Response, request, render_template, abort, make_response, flash, + redirect, __version__ as flask_version ) +from werkzeug.utils import secure_filename from . import strings, common @@ -48,6 +49,7 @@ class Web(object): self.app = Flask(__name__, static_folder=common.get_resource_path('static'), template_folder=common.get_resource_path('templates')) + self.app.secret_key = self.common.random_string(8) # Debug mode? if self.common.debug: @@ -61,6 +63,8 @@ class Web(object): # Are we using receive mode? self.receive_mode = receive_mode + if self.receive_mode: + self.app.config['UPLOAD_FOLDER'] = self.common.settings.get('downloads_dir') # Starting in Flask 0.11, render_template_string autoescapes template variables # by default. To prevent content injection through template variables in @@ -257,12 +261,26 @@ class Web(object): def index(slug_candidate): self.check_slug_candidate(slug_candidate) - # If download is allowed to continue, serve download page r = make_response(render_template( 'receive.html', slug=self.slug)) return self.add_security_headers(r) + @self.app.route("//upload", methods=['POST']) + def upload(slug_candidate): + # Note that flash strings are on English, and not translated, on purpose, + # to avoid leaking the locale of the OnionShare user + self.check_slug_candidate(slug_candidate) + self.common.log('Web', 'upload, request.files: {}'.format(request.files)) + + # Check if the post request has the file part + if 'file' not in request.files: + flash('No files were selected to upload') + return redirect('/{}'.format(slug_candidate)) + + files = request.files['file'] + return '' + def common_routes(self): """ Common web app routes between sending and receiving diff --git a/share/static/css/style.css b/share/static/css/style.css index c3304f39..c65c11f7 100644 --- a/share/static/css/style.css +++ b/share/static/css/style.css @@ -115,3 +115,15 @@ table.file-list td:last-child { color: #666666; margin: 0 0 20px 0; } + +ul.flashes { + list-style: none; + margin: 0; + padding: 0; + color: #cc0000; +} + +ul.flashes li { + margin: 0; + padding: 10px; +} diff --git a/share/templates/receive.html b/share/templates/receive.html index 6ad3aebc..d7db31de 100644 --- a/share/templates/receive.html +++ b/share/templates/receive.html @@ -12,12 +12,22 @@

OnionShare

+ {% with messages = get_flashed_messages() %} + {% if messages %} + + {% endif %} + {% endwith %} +

Send Files

Select the files you want to send, then click "Send Files"...

-
+