3

I'm trying to block unwanted content-type of uploaded files. I'm using the code from documentation:

class UploadHandler(blobstore_handlers.BlobstoreUploadHandler):
  def post(self):
    upload_files = self.get_uploads('file')  # 'file' is file upload field in the form
    blob_info = upload_files[0]
    self.redirect('/serve/%s' % blob_info.key())

What I've found out is that before the last line with redirect, the blob is already in blobstore, so the only thing left to do is to check it's content-type and perform delete if it is unwanted.

Is there any other way to discard the file before it hits blobstore?

B0rG
  • 1,185
  • 10
  • 12

2 Answers2

2

the only way to do it before it hits the Blobstore is on the client side for example by checking the extension of the file with javascript.
once it hits your UploadHandler its already in the BlobStore.

aschmid00
  • 6,798
  • 2
  • 42
  • 63
  • Thanks for insight. I'd rather not trust the extension or javascript which can be disabled. Util somebody posts some server-side solution, I'll stay with upload and delete if content-type is not allowed. – B0rG Feb 14 '12 at 14:02
2

You could also try the accept attribute of the <input>, but it's not supported in all browsers and if you really want to, you can try some Flash or Java Applet solutions as mention in another answer. I personally would go for the server-side check and delete.

Community
  • 1
  • 1
Lipis
  • 19,958
  • 18
  • 88
  • 117
  • 1
    Thanks for the accept attribute, I'll definitely use this one too. So, +1 for the upload + delete. – B0rG Feb 14 '12 at 22:46