23

我正在试验一个允许用户上传音频文件的网站。我已经阅读了所有可以使用的文档,但找不到太多关于验证文件的信息。

这里的总新手(以前从未做过任何类型的文件验证)并试图弄清楚这一点。有人可以握住我的手,告诉我我需要知道什么吗?

与往常一样,提前感谢您。

4

1 回答 1

27

您想在将文件写入磁盘之前对其进行验证。当您上传文件时,表单会得到验证,然后上传的文件会被传递给处理实际写入服务器磁盘的处理程序/方法。因此,在这两个操作之间,您需要执行一些自定义验证以确保它是有效的音频文件

你可以:

  • 检查文件是否小于一定大小(良好做法)
  • 然后检查提交的文件是否具有某种内容类型(即音频文件)
    • 这是非常没用的,因为有人可以很容易地欺骗它
  • 然后检查文件是否以某个扩展名(或扩展名)结尾
    • 这也没什么用
  • 尝试读取文件,看看它是否真的是音频

(我没有测试过这段代码)

模型.py

class UserSong(models.Model):
    title = models.CharField(max_length=100)
    audio_file = models.FileField()

表格.py

class UserSongForm(forms.ModelForm):
     # Add some custom validation to our file field
     def clean_audio_file(self):
         file = self.cleaned_data.get('audio_file',False):
         if file:
             if file._size > 4*1024*1024:
                   raise ValidationError("Audio file too large ( > 4mb )")
             if not file.content-type in ["audio/mpeg","audio/..."]:
                   raise ValidationError("Content-Type is not mpeg")
             if not os.path.splitext(file.name)[1] in [".mp3",".wav" ...]:
                   raise ValidationError("Doesn't have proper extension")
             # Here we need to now to read the file and see if it's actually 
             # a valid audio file. I don't know what the best library is to 
             # to do this
             if not some_lib.is_audio(file.content):
                   raise ValidationError("Not a valid audio file")
             return file
         else:
             raise ValidationError("Couldn't read uploaded file")

views.py 来自 utils 导入 handle_uploaded_file

def upload_file(request):
    if request.method == 'POST':
        form = UserSongForm(request.POST, request.FILES)
        if form.is_valid():
            # If we are here, the above file validation has completed
            # so we can now write the file to disk
            handle_uploaded_file(request.FILES['file'])
            return HttpResponseRedirect('/success/url/')
    else:
        form = UploadFileForm()
    return render_to_response('upload.html', {'form': form})

实用程序.py

# from django's docs
def handle_uploaded_file(f):
    ext = os.path.splitext(f.name)[1]
    destination = open('some/file/name%s'%(ext), 'wb+')
    for chunk in f.chunks():
        destination.write(chunk)
    destination.close()

https://docs.djangoproject.com/en/dev/topics/http/file-uploads/#file-uploads https://docs.djangoproject.com/en/dev/ref/forms/fields/#filefield https: //docs.djangoproject.com/en/dev/ref/files/file/#django.core.files.File

于 2011-06-01T02:42:31.183 回答