我会将代码输入存储在 CharField 中,然后创建一个单独的函数来访问模型,如果代码不包含任何有害方法,则将其写入文件。
这负责创建文件(因为空白 CharField 将简单地输出到空文件)并允许委托给安全检查器。您的设置将如下所示: 型号:
class MyModel(models.Model):
name = models.CharField(max_length=255)
code = models.CharField(MAX_FILE_LENGTH)
看法:
def Submit_Code(request):
#Create MyModel using POST data
process_input_file(NEWLY_CREATED_MODEL_NAME)
return HttpResponse("Upload Successful")
def process_input_file(modelName):
#assuming unique name. Use "id=" instead if needed.
mm = MyModel.objects.get(name=modelName)
if passes_security_checks(mm.code):
f = open(mm.name, "r")
f.write(mm.code)
f.close()
编辑
新视图:
def Submit_Code(request):
mm = MyModel()
mm.name = request.POST.get('name')
f = open(mm.name,"r")
f.write(request.POST.get('code')
f.close()
#then associate the newly created file with the FileField however you want
#passing through authentication/checking if need be.
return HttpResponse("Upload Successful")