def validate_file(form, field):
# File cannot end with a forbidden extension
filename, file_extension = os.path.splitext(field.data.filename)
if len(file_extension) > 0:
forbidden_ext = ForbiddenExtension.query.filter(
ForbiddenExtension.extension == file_extension[1:]).first()
if forbidden_ext is not None:
raise ValidationError('Extension not allowed')
mimedata = field.data
mimetype = magic.from_buffer(field.data.read(1024), mime=True)
# File Pointer returns to beginning
field.data.seek(0, 0)
# Check for permitted mimetype
forbidden_mime = ForbiddenMimeType.query.filter(
ForbiddenMimeType.mimetype == mimetype).first()
if forbidden_mime is not None:
raise ValidationError('File MimeType not allowed')
extension = mimetypes.guess_extension(mimetype)
if extension is not None:
forbidden_real = ForbiddenExtension.query.filter(
ForbiddenExtension.extension == extension[1:]).first()
if forbidden_real is not None:
raise ValidationError('Extension not allowed')
评论列表
文章目录
