@phith0n
Last active March 8, 2021 07:52
一个小挑战(For Windows):这个代码中可能存在什么漏洞
import os
import posixpath
from werkzeug.utils import secure_filename
from flask import Flask, redirect, url_for, abort, request, send_file
# Module-level Flask application.  UPLOAD_FOLDER is an `upload` directory
# placed next to this script; the script path is passed through realpath()
# first so the location does not depend on the working directory or on a
# symlinked script path.
_base_dir = os.path.dirname(os.path.realpath(__file__))
app = Flask(__name__)
app.config['UPLOAD_FOLDER'] = os.path.join(_base_dir, 'upload')
_ALLOWED_EXTENSIONS = frozenset(('txt', 'pdf', 'png', 'jpg', 'jpeg', 'gif'))


def allowed_file(filename):
    """Return True when *filename* ends in a whitelisted extension.

    The extension is everything after the last dot, compared
    case-insensitively against ``_ALLOWED_EXTENSIONS``.  A name without
    any dot, or with nothing after its last dot, is never allowed.
    """
    _stem, dot, extension = filename.rpartition('.')
    return bool(dot) and extension.lower() in _ALLOWED_EXTENSIONS
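@app.route('/', methods=['GET', 'POST'])
def upload_file():
    """Render the upload form (GET) or store a single uploaded file (POST).

    On POST the request must carry a ``file`` part with a non-empty
    client-supplied name and a whitelisted extension.  The file is stored
    under the ``secure_filename`` form of that name inside UPLOAD_FOLDER
    and the client is redirected to the ``download`` view for it.

    Responds 403 when the ``file`` part is missing, its name is empty, or
    ``secure_filename`` reduces the name to an empty string.  A name with
    a disallowed extension is not stored; the form is re-rendered instead
    (unchanged behaviour).
    """
    if request.method == 'POST':
        if 'file' not in request.files:
            raise abort(403)
        file = request.files['file']
        if file.filename == '':
            raise abort(403)
        if file and allowed_file(file.filename):
            filename = secure_filename(file.filename)
            # Werkzeug documents that secure_filename() may return an empty
            # string.  Saving to os.path.join(UPLOAD_FOLDER, '') would target
            # the upload directory itself, so treat that as a bad request.
            if not filename:
                raise abort(403)
            file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
            return redirect(url_for('download', filename=filename))
    return '''
<!doctype html>
<title>Upload new File</title>
<h1>Upload new File</h1>
<form method=post enctype=multipart/form-data>
<p><input type=file name=file>
<input type=submit value=Upload>
</form>
'''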
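@app.route("/upload/<path:filename>")
def download(filename):
    """Serve a file from UPLOAD_FOLDER by its client-supplied relative name.

    Rejects with 403 any name containing a ``.`` or ``..`` segment, any
    absolute name, and any name whose OS-resolved location is not inside
    the resolved upload directory.  Responds 404 when the resolved target
    is not a regular file (or disappears before it can be sent).
    """
    filename = filename.replace('\\', '/')
    if any(part in ('..', '.') for part in filename.split('/')):
        raise abort(403)
    if os.path.isabs(filename):
        raise abort(403)
    # Decide containment on OS-resolved paths rather than on a string prefix
    # of the joined name.  os.path.realpath() applies the running platform's
    # own path rules (separators, drive handling, symlinks), so the value
    # compared here is much closer to what the filesystem will actually open;
    # posixpath.normpath() on a native (non-POSIX) path does not give that
    # guarantee, which is why the string-prefix check was replaced.
    upload_dir = os.path.realpath(app.config['UPLOAD_FOLDER'])
    target = os.path.realpath(os.path.join(upload_dir, filename))
    try:
        inside = os.path.commonpath([upload_dir, target]) == upload_dir
    except ValueError:
        # commonpath() raises when the two paths cannot share a prefix at all
        # (e.g. different drives); that can never be inside the upload dir.
        inside = False
    if not inside:
        raise abort(403)
    # Refuse directories and special files explicitly: send_file() on a
    # directory fails with an error other than FileNotFoundError.
    if not os.path.isfile(target):
        raise abort(404)
    try:
        return send_file(target)
    except FileNotFoundError:
        # Removed between the isfile() check and the open.
        raise abort(404)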
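if __name__ == '__main__':
    # Ensure the upload directory exists.  exist_ok=True replaces the
    # exists()-then-makedirs() pair, removing the check-then-create race
    # and keeping the call a no-op when the directory is already present.
    os.makedirs(app.config['UPLOAD_FOLDER'], 0o755, exist_ok=True)
    app.run(debug=False)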
@phith0n

phith0n commented Mar 13, 2018

@w2n1ck

w2n1ck commented Dec 5, 2019

能公开下writeup嘛?学习下
