Age | Commit message (Collapse) | Author | Files | Lines |
|
Make sure obj is returned from upload_file so that we can delete it if
add_file raises an exception.
|
|
This will ensure the file content is flushed and lets us get the actual
file size, which will fix very small files being stored with size == 0.
|
|
If a file has been deleted, mark it as scanned and continue.
|
|
Add two new configuration options: MIMETYPE_BLACKLIST and
MIMETYPE_USER_WHITELIST. Any mimetype in MIMETYPE_BLACKLIST will be sent
as either text/plain or application/octet-stream depending on the actual
mimetype returned. If the uploader's username is specified in
MIMETYPE_USER_WHITELIST, the blacklist is ignored.
|
|
This fixes thumbnails being in the incorrect orientation after we
removed the call to mogrify.
|
|
|
|
This change removes and direct references to the filesystem from the
pyfbin code other that file_storage.filesystem. This should hopyfully be
the last changes needed for pyfbin to be successfully run using the
file_storage.s3 module without any issues.
|
|
This is a backup script which will copy files to a target storage, and
optionally add database entries as well. It works by specifying a source
and a target config file. Both should have separate storage configured,
and files will be copied from the source storage to the target storage.
The list of files to copy is read from the source database, which means
this must be accessible from where the script is run, not just the
storage. If updating databse entries the target database must also be
accessible. The target database is also check for any existing file
hashes, and any files that would cause a collision will be skipped.
|
|
This makes database access a bit easier and also greatly simplifies some
upcoming changes.
|
|
scans is a dict, not a list, so we need to call values() to retrieve the
result dicts.
|
|
By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we
can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some
matches that's usually only matched by a few engines, such as phishing.
|
|
Move the chmod call into the try block so we always call this when
add_file succeeds, otherwise new_file might not be set yet and we will
get an UnboundLocalError.
|
|
|
|
This allows configuring max file sizes for both registered and anonymous
users. For registered users the USER_FILE_SIZE_LIMIT is used, and
ANONYMOUS_FILE_SIZE_LIMIT for anonymous users. If the size is not
specified or None, the limit is not enforced. Setting the limit to 0
effectively disables uploads.
|
|
Usually we want the file data, not the thumbnail.
|
|
This makes sure the upload form is visually updated when dropping or
pasting a file.
|
|
Wrap the call to get_size() in a generator so we don't have to look up
the files (if needed) twice.
|
|
|
|
|
|
|
|
This will allow us to remotely store thumbnails in case of S3. For S3
the thumb bucket is configurable to allow these to be stored separately.
The S3 key for thumbnails does not conflict with files, so these can be
stored in the same bucket if needed.
|
|
Regression since b72ecc321c315bafe40cc7406e87e088564ab8a9. This is
needed eg. when using X-Sendfile so that the web server can access the
files.
|
|
|
|
|
|
|
|
|
|
|
|
Allows for storing files other places than the local file system.
Currently the local filesystem and S3 are supported.
|
|
|
|
|
|
|
|
|
|
Files are blocked if blocked_reason is non-NULL. This value is currently
not exposed publicly, instead a 404 will be returned.
Files are scanned using virustotal.com's public API if scanned is False.
Scans are performed by the fbin-scanner.py script. If a match is found,
blocked_reason is set to the payload received. Files that are not in
VT's database will be automatically submitted and the script will wait
for the scan to complete before continuing.
|
|
|
|
Add a separate video page for listing uploaded videos. The thumbnail
endpoint now supports generating video thumbnails using
ffmpegthumbnailer.
|
|
JPEG does not support alpha channels, so remove RGBA from the list of
valid modes.
|
|
|
|
|
|
For some reason chrome sometimes does two requests on redirect, where
the first in unused, causing the second to hang because we only process
one request at a time.
|
|
Also updated the API (previously help) page.
|
|
|
|
Highlights:
- Uses the oauth branch of jab.
- Changed design to use bootstrap.
- Some minor changes to functionality in file uploading and listing.
- API is currently disabled and incomplete.
|
|
For small files the file attribute is a StringIO object instead of a
NamedTemporaryFile. For cStringIO we're not allowed to set the delete
attribute, so check wether the object already has a delete attribute
before attempting to set it.
|
|
|
|
This fixes multipart upload where temporary files are created for all
fields. Instead we explicitly set the uploaded file itself to not be
auto-deleted. This doesn't work on Windows (see NamedTemporaryFile for
more details).
|
|
|
|
This API method checks whether the provided token is valid or not.
|
|
Replaced jquery-lazyload with jquery.lazy which provides an onError
event handler.
|
|
|
|
|