python - SuspiciousOperation using sorl-thumbnail -



python - SuspiciousOperation using sorl-thumbnail -

i have django web application accesses , manipulates several server filesystems (e.g. /fs01, /fs02, etc.) on behalf of user. i'd nowadays thumbnails of images on filesystems user, , thought sorl-thumbnail way it.

it seems though images must under media_root sorl-thumbnail create thumbnails. media_root /users/me/dev/myproject/myproj/media, works:

path = "/users/me/dev/myproject/myproj/media/pipe-img/magritte-pipe-large.jpg" try: im = get_thumbnail(path, '100x100', crop='center', quality=99) except exception, e: exc_type, exc_obj, exc_tb = sys.exc_info() print "failed getting thumbnail: (%s) %s" % (exc_type, e) print "im.url = %s" % im.url

it creates thumbnail , prints im.url, i'd expect. when alter path to:

path = "/fs02/dir/ep340102/foo/2048x1024/magritte-pipe-large.jpg"

it fails with:

failed getting thumbnail: (<class 'django.core.exceptions.suspiciousoperation'>) attempted access '/fs02/dir/ep340102/foo/2048x1024/magritte-pipe-large.jpg' denied.

is there way solve this? can utilize sorl-thumbnail create thumbnails i'd under these other filesystems (e.g. /fs01, /fs02, /fs03, etc.)? there improve approach?

update. here's total stack trace:

environment: request method: request url: http://localhost:8000/pipe/file_selection/ django version: 1.4.1 python version: 2.7.2 installed applications: ('django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.admin', 'django.contrib.admindocs', 'django.contrib.humanize', 'django.contrib.messages', 'pipeproj.pipe', 'south', 'guardian', 'sorl.thumbnail') installed middleware: ('django.middleware.common.commonmiddleware', 'django.contrib.sessions.middleware.sessionmiddleware', 'django.contrib.auth.middleware.authenticationmiddleware', 'django.contrib.messages.middleware.messagemiddleware') traceback: file "/library/python/2.7/site-packages/django/core/handlers/base.py" in get_response 111. response = callback(request, *callback_args, **callback_kwargs) file "/library/python/2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view 20. homecoming view_func(request, *args, **kwargs) file "/users/dylan/dev/pipe/pipeproj/../pipeproj/pipe/views/data.py" in file_selection 184. im = get_thumbnail(path, '100x100', crop='center', quality=99) file "/library/python/2.7/site-packages/sorl_thumbnail-11.12-py2.7.egg/sorl/thumbnail/shortcuts.py" in get_thumbnail 8. homecoming default.backend.get_thumbnail(file_, geometry_string, **options) file "/library/python/2.7/site-packages/sorl_thumbnail-11.12-py2.7.egg/sorl/thumbnail/base.py" in get_thumbnail 56. source_image = default.engine.get_image(source) file "/library/python/2.7/site-packages/sorl_thumbnail-11.12-py2.7.egg/sorl/thumbnail/engines/pil_engine.py" in get_image 12. buf = stringio(source.read()) file "/library/python/2.7/site-packages/sorl_thumbnail-11.12-py2.7.egg/sorl/thumbnail/images.py" in read 121. homecoming self.storage.open(self.name).read() file "/library/python/2.7/site-packages/django/core/files/storage.py" in open 33. homecoming self._open(name, mode) file "/library/python/2.7/site-packages/django/core/files/storage.py" in _open 156. homecoming file(open(self.path(name), mode)) file "/library/python/2.7/site-packages/django/core/files/storage.py" in path 246. raise suspiciousoperation("attempted access '%s' denied." % name) exception type: suspiciousoperation @ /pipe/file_selection/ exception value: attempted access '/fs02/dir/ep340102/foo/2048x1024/bettina.jpg' denied.

the suspiciousoperation filesystemstorage.path() here:

def path(self, name): try: path = safe_join(self.location, name) except valueerror: raise suspiciousfileoperation("attempted access '%s' denied." % name) homecoming os.path.normpath(path)

it originates in safe_join() has test:

if (not normcase(final_path).startswith(normcase(base_path + sep)) , ...

this means computed filename must exist within configured thumbnail storage. default settings.thumbnail_storage settings.default_file_storage filesystemstorage stores files in settings.media_root.

you should able utilize different storage path thumbnails defining storage class:

from django.core.files.storage import filesystemstorage class thumbnailstorage(filesystemstorage): def __init__(self, **kwargs): super(thumbnailstorage, self).__init__( location='/fs02', base_url='/fs02')

then in settings.py

thumbnail_storage = 'myproj.storage.thumbnailstorage'

you'll need create sure serving /fs02 @ url:

if settings.debug: patterns += patterns('', url(r'^fs02/(?p<path>.*)$', 'django.views.static.serve', {'document_root': '/fs02'}))

note thumbnails created /fs02/cache/... per default thumbnail_prefix

python django exception thumbnails sorl-thumbnail

Comments

Post a Comment

Popular posts from this blog

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer -

web services - java.lang.NoClassDefFoundError: Could not initialize class net.sf.cglib.proxy.Enhancer - when trying request rest service @ time of response getting exception.. feb 21, 2013 2:34:49 pm com.sun.jersey.spi.container.containerresponse mapmappablecontainerexception severe: exception contained within mappablecontainerexception not mapped response, re-throwing http container java.lang.noclassdeffounderror: not initialize class net.sf.cglib.proxy.enhancer @ org.hibernate.proxy.pojo.cglib.cgliblazyinitializer.getproxyfactory(cgliblazyinitializer.java:117) @ org.hibernate.proxy.pojo.cglib.cglibproxyfactory.postinstantiate(cglibproxyfactory.java:43) @ org.hibernate.tuple.entity.pojoentitytuplizer.buildproxyfactory(pojoentitytuplizer.java:162) @ org.hibernate.tuple.entity.abstractentitytuplizer.<init>(abstractentitytuplizer.java:135) @ org.hibernate.tuple.entity.pojoentitytuplizer.<init>(pojoentitytuplizer.java:55) @ org.hibernate.tuple.e...
Read more

Accessing MATLAB's unicode strings from C -

Accessing MATLAB's unicode strings from C - how can access underlying unicode info of matlab strings through matlab engine or mex c interfaces? here's example. let's set unicode characters in utf-8 encoded file test.txt, read as fid=fopen('test.txt','r','l','utf-8'); s=fscanf(fid, '%s') in matlab. now if first feature('defaultcharacterset', 'utf-8') , c engevalstring(ep, "s") , output text file utf-8. proves matlab stores unicode internally. if mxarraytostring(enggetvariable(ep, "s")) , unicode2native(s, 'latin-1') give me in matlab: non-latin-1 characters replaced character code 26. need getting access underlying unicode info c string in unicode format (utf-8, utf-16, etc.), , preserving non-latin-1 characters. is possible? my platform os x, matlab r2012b. addendum: documentation explicitly states "[mxarraytostring()] supports multibyte encoded characters...
Read more

javascript - mongodb won't find my schema method in nested container -

javascript - mongodb won't find my schema method in nested container - i trying access method of schema stored within mixed container. here situation : have cases model can many different things, have schema each of these things stored in "casecontent" mixed property. var caseschema = mongoose.schema({ casecontent : {}, object : {type:string, default : "null"}, collision : {type : boolean, default : false} }); the casecontent property filled model of 1 of schemas, 1 exemple : var treeschema = new mongoose.schema({ applecount : {type : number, default : 3} }); treeschema.methods.dostuff = function (data) { console.log('hey, listen'); homecoming true; }; then, want utilize method of schema original container : caseschema.methods.dostuff = function (data) { if (this.casecontent.dostuff !== undefined) { this.casecontent.dostuff(); console.log('it worked'); } else { ...
Read more