Create a new file in the application's directory and call it "extra.py" (you can give it a better name if you can think of one) and paste this code:
Be sure to use a number for the max_upload_size value; if you use a string it won't work.
If you're replacing a FileField you won't need to re-sync your db, while if you are just adding this functionality to your model you will need to re-sync your db:
Even if this method is effective at restricting the content-type, a malicious attacker could still rename a script or any other file to the supported filetype.
That function creates a path and filename, using and the filename from the instance.
I'm certain I'm doing something really obviously stupid, but I've been trying to figure it out for a few hours now and nothing is jumping out at me. The two ImageFields do not work and they're why I'm here today.
I'm using a ModelForm so I can expose a few fields from a model for editing. I'm using Django 1.0.2. Here's the relevant code (ask if you need more -- and I'm not including the HTML because that part appears to work fine):
Model:

    def admin_edit(request, company_slug):
        company = get_object_or_404(Company, slug=company_slug)
        f = AdminEditForm(instance=company)
        if request.method == 'POST':
            f = AdminEditForm(request.

Even with this custom file field, a user can still upload a huge file to the web server, and it will be stored in the temporary directory before being rejected.
The system returns the validation error message and deletes the file only after the upload is complete. This means that any user would be able to stress the server by uploading a huge file (1 GB, for example).
    import os
    from os.path import abspath, dirname, join

    # get abspath: build an absolute path relative to this settings file's directory
    def rel(*x):
        return join(abspath(dirname(__file__)), *x)

    MEDIA_ROOT = rel('media')
    MEDIA_URL = '/media/'
    STATIC_URL = '/static/'
    STATIC_ROOT = ''  # if only your static files are in project folder
    STATICFILES_DIRS = (rel('static'),)  # if only your static files are in project folder

That's a bit of a weird statement. The settings declare where to find things, so whether it works depends on your path structure.