问题描述
|
我正在尝试一个允许用户上传音频文件的网站。我已经阅读了所有可以动手使用的文档,但是找不到太多有关验证文件的信息。
这里共有newb(以前从未进行过任何形式的任何文件验证),并试图弄清楚这一点。有人可以牵着我的手告诉我我需要知道什么吗?
一如既往,谢谢您。
解决方法
您需要先验证文件,然后再将其写入磁盘。当您上载文件时,表单将得到验证,然后上载的文件将被传递到处理程序/方法,该处理程序/方法将实际写入服务器磁盘。因此,在这两个操作之间,您需要执行一些自定义验证,以确保它是有效的音频文件
你可以:
检查文件是否小于一定大小(好的做法)
然后检查提交的文件是否具有特定的内容类型(即音频文件)
这是没有用的,因为有人可以轻易地欺骗它
然后检查文件是否以某个扩展名(或多个扩展名)结尾
这也很没用
尝试读取文件,看看它是否真正是音频
(我尚未测试此代码)
models.py
class UserSong(models.Model):
title = models.CharField(max_length=100)
audio_file = models.FileField()
表格
class UserSongForm(forms.ModelForm):
# Add some custom validation to our file field
def clean_audio_file(self):
file = self.cleaned_data.get(\'audio_file\',False):
if file:
if file._size > 4*1024*1024:
raise ValidationError(\"Audio file too large ( > 4mb )\")
if not file.content-type in [\"audio/mpeg\",\"audio/...\"]:
raise ValidationError(\"Content-Type is not mpeg\")
if not os.path.splitext(file.name)[1] in [\".mp3\",\".wav\" ...]:
raise ValidationError(\"Doesn\'t have proper extension\")
# Here we need to now to read the file and see if it\'s actually
# a valid audio file. I don\'t know what the best library is to
# to do this
if not some_lib.is_audio(file.content):
raise ValidationError(\"Not a valid audio file\")
return file
else:
raise ValidationError(\"Couldn\'t read uploaded file\")
views.py
从utils导入handle_uploaded_file
def upload_file(request):
if request.method == \'POST\':
form = UserSongForm(request.POST,request.FILES)
if form.is_valid():
# If we are here,the above file validation has completed
# so we can now write the file to disk
handle_uploaded_file(request.FILES[\'file\'])
return HttpResponseRedirect(\'/success/url/\')
else:
form = UploadFileForm()
return render_to_response(\'upload.html\',{\'form\': form})
utils.py
# from django\'s docs
def handle_uploaded_file(f):
ext = os.path.splitext(f.name)[1]
destination = open(\'some/file/name%s\'%(ext),\'wb+\')
for chunk in f.chunks():
destination.write(chunk)
destination.close()
https://docs.djangoproject.com/en/dev/topics/http/file-uploads/#file-uploads
https://docs.djangoproject.com/en/dev/ref/forms/fields/#filefield
https://docs.djangoproject.com/zh-CN/dev/ref/files/file/#django.core.files.File