# cmpl-censor-0.2.0\cmpl_censor\web\pub.py
@bp.route("/upload", methods=["POST"])
@user_check
def upload():
print('启动上传程序')
# '''
# pub文件分两级存储:
# 第一级用pub文件名第一个字符为目录名
# 第二级为pub文件(通过uuid+md5计算得出)
# '''
try:
f = request.files["file"]
hl = hashlib.md5()
hl.update(str(uuid1()).encode(encoding="utf-8"))
pub = hl.hexdigest()
pub_dir = os.path.join(config_site.dict["pub_dir"], pub[0])
# 确认建立第一级目录
Util.mkdirs(pub_dir)
# 第二级目录以pub为文件名
path = os.path.join(pub_dir, pub)
f.save(path)
filename = f.filename
# 简单转义——防注入,不够完备,待后续优化
filename = DBUtil.simple_escape(filename)
size = Util.dir_size(path)
# pub文件在DB中归档,备查备下载
sql = "insert into pubs (pub, author, author_addr, filename, size) values('{}', '{}', '{}', '{}', '{}')"\
.format(pub, g.user.name, request.remote_addr, filename, size)
result, msg = DBUtil.execute(sql)
if (not result) or (int(msg) == 0):
flash("上传失败,请联系信息管理部!")
os.remove(path)
return redirect(url_for("pub.index"))
except Exception as e:
print(e)
return str(e)
参考二:https://www.jb51.net/article/145808.htm