From 35e8a09d9749814d04f4a5438858c29240df89a9 Mon Sep 17 00:00:00 2001
From: hjdhnx <hjd124579>
Date: Wed, 31 Aug 2022 15:16:23 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BA=86=E6=96=87=E4=BB=B6?=
 =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=A0=A1=E9=AA=8C,=E9=9D=9E=E8=A7=84?=
 =?UTF-8?q?=E5=88=99=E6=96=87=E4=BB=B6=E4=B8=8D=E4=BC=9A=E6=88=90=E5=8A=9F?=
 =?UTF-8?q?=E4=B8=8A=E4=BC=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py               | 15 ++++++++++++++-
 templates/admin.html | 12 +++++++++---
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/app.py b/app.py
index c49ccd1..f6644ca 100644
--- a/app.py
+++ b/app.py
@@ -155,11 +155,24 @@ def upload_file():
     if request.method == 'POST':
         try:
             f = request.files['file']
+            # print(f)
             # print(request.files)
             filename = secure_filename(f.filename)
-            savePath = f'js/{filename}'
+            print(f'推荐安全文件命名:{filename}')
+            # savePath = f'js/{filename}'
+            savePath = f'js/{f.filename}'
+            # print(savePath)
             if os.path.exists(savePath):
                 return jsonify(error.failed(f'上传失败,文件已存在,请先查看删除再试'))
+            with open('js/模板.js', encoding='utf-8') as f2:
+                before = f2.read()
+            upcode = f.stream.read().decode('utf-8')
+            check_to_run = before + upcode
+            # print(check_to_run)
+            try:
+                js2py.eval_js(check_to_run)
+            except:
+                return jsonify(error.failed('文件上传失败,检测到上传的文件不是drpy框架支持的源代码'))
             # print(savePath)
             f.save(savePath)
             return jsonify(error.success('文件上传成功'))
diff --git a/templates/admin.html b/templates/admin.html
index 446b944..0563813 100644
--- a/templates/admin.html
+++ b/templates/admin.html
@@ -82,12 +82,17 @@
             console.log(file_data);
             if(!file_data){
                 alert('文件必选');
-                return
+                return false
+            }
+            var name = file_data.name;
+            if(!name.endsWith('.js')){
+                alert('仅支持上传js文件');
+                return false
             }
             var form_data = new FormData();
             // 把所有表单信息
             form_data.append("id", "001");
-            form_data.append("name", file_data.name);
+            form_data.append("name", name);
             form_data.append("file", file_data);
             $.ajax({
                 type: "POST",
@@ -117,7 +122,8 @@
 <h2 class="title">欢迎使用py_dr管理员界面</h2><h4><a href="/index">返回首页</a></h4>
 <p>你可以在此页面在线上传规则文件到js目录或者删除js目录的文件</p>
  <form action = "/upload" method = "POST" enctype = "multipart/form-data">
-     <input type = "file" name = "file" class="btn" accept=".js"  onchange="getFileSize(this)"/>
+<!--     <input type = "file" name = "file" class="btn" accept=".js"  onchange="getFileSize(this)"/>-->
+     <input type = "file" name = "file" class="btn" onchange="getFileSize(this)"/>
 <!--     <input type = "submit" value="上传" class="btn"/>-->
      <input type="button" id="upload" value="上传" class="btn"/>
 </form>
-- 
GitLab