Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Validating upload file type in Django

Tags:

python

django

I have a Post model with a filefield which is used to upload files. How can I validate the file type (pdf for now, or any other types if I change to later). Preferably i'd like to validate the content, but if not I guess suffix would do too. I tried to look up online but most of the solutions I found are from way back and as the Django document get updated they don't work any more. Please if anyone can help. Thanks.

class Post(models.Model):
    author = models.ForeignKey('auth.User',default='')
    title = models.CharField(max_length=200)
    text = models.TextField()
    PDF = models.FileField(null=True, blank=True)
    created_date = models.DateTimeField(
            default=timezone.now)
    published_date = models.DateTimeField(
            blank=True, null=True)

    def publish(self):
        self.published_date = timezone.now()
        self.save()

    def __str__(self):
        return self.title
like image 362
hakuro Avatar asked Jul 18 '17 16:07

hakuro

2 Answers

With Django 1.11 you can use FileExtensionValidator. With earlier versions, or for extra validation, you can build your own validator based on it. And you should probably create a validator either way because of this warning:

Don’t rely on validation of the file extension to determine a file’s type. Files can be renamed to have any extension no matter what data they contain.

Here's a sample code with the existing validator:

from django.core.validators import FileExtensionValidator
class Post(models.Model):
    PDF = models.FileField(null=True, blank=True, validators=[FileExtensionValidator(['pdf'])])

Source code is also available so you can easily create your own:

https://docs.djangoproject.com/en/1.11/_modules/django/core/validators/#FileExtensionValidator

like image 93
kichik Avatar answered Oct 26 '22 11:10

kichik

Think of validation in terms of:

  • Name/extension
  • Metadata (content type, size)
  • Actual content (is it really a PNG as the content-type says, or is it a malicious PDF?)

The first two are mostly cosmetic - pretty easy to spoof/fake that information. By adding content validation (via file magic - https://pypi.python.org/pypi/filemagic) you add a little bit of additional protection

Here is a good, related answer: Django: Validate file type of uploaded file It may be old, but the core idea should be easily adapted.

like image 2
bimsapi Avatar answered Oct 26 '22 12:10

bimsapi
Sign in to Comment

Related questions

How to count objects in image using python?
Hurst Exponent in python
Convert python abbreviated month name to full name
Django get related objects ManyToMany relationships
sorting list of lists and getting indices in unsorted list
How Can I Use Python FileNotFoundError to print name of missing file?
Gensim installation problems
How to extract only the month and day from a datetime object?
Split dictionary depending on key lists
Pandas - Find longest stretch without Nan values
how to preserve links when scraping a table with beautiful soup and pandas
Appending a range to a list
How to access a column whose name I cannot access in chained operations
get the i-th slice of the k-th dimension in a numpy array
Python: how to remove a value from a dict if it exactly matches the key?
Pandas groupby results on the same plot
python gRPC requiring a context argument
Remove 'seconds' and 'minutes' from a Pandas dataframe column
Sorting categorical labels in seaborn chart
Pandas DataFrame Bar Plot - Plot Bars Different Colors From Specific Colormap

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!