admin.py 文件源码

python
阅读 25 收藏 0 点赞 0 评论 0

项目:sysu-ctf 作者: ssst0n3 项目源码 文件源码
def admin_files(chalid):
    if request.method == 'GET':
        files = Files.query.filter_by(chal=chalid).all()
        json_data = {'files':[]}
        for x in files:
            json_data['files'].append({'id':x.id, 'file':x.location})
        return jsonify(json_data)
    if request.method == 'POST':
        if request.form['method'] == "delete":
            f = Files.query.filter_by(id=request.form['file']).first_or_404()
            if os.path.exists(os.path.join(app.static_folder, 'uploads', f.location)): ## Some kind of os.path.isfile issue on Windows...
                os.unlink(os.path.join(app.static_folder, 'uploads', f.location))
            db.session.delete(f)
            db.session.commit()
            db.session.close()
            return "1"
        elif request.form['method'] == "upload":
            files = request.files.getlist('files[]')

            for f in files:
                filename = secure_filename(f.filename)

                if len(filename) <= 0:
                    continue

                md5hash = hashlib.md5(os.urandom(64)).hexdigest()

                if not os.path.exists(os.path.join(os.path.normpath(app.static_folder), 'uploads', md5hash)):
                    os.makedirs(os.path.join(os.path.normpath(app.static_folder), 'uploads', md5hash))

                f.save(os.path.join(os.path.normpath(app.static_folder), 'uploads', md5hash, filename))
                db_f = Files(chalid, os.path.join('static', 'uploads', md5hash, filename))
                db.session.add(db_f)

            db.session.commit()
            db.session.close()
            return redirect('/admin/chals')
评论列表
文章目录


问题


面经


文章

微信
公众号

扫码关注公众号