Django的可疑行动

tso*_*ran 28 python django

我在尝试删除上传的图片时遇到了问题.

错误是这样的:

SuspiciousOperation: Attempted access to '/media/artists/12-stones/154339.jpg' denied.
Run Code Online (Sandbox Code Playgroud)

看完后看起来错误是因为它正在寻找错误位置的图像(注意第一个斜杠,/ media /文件系统上不存在)

我的MEDIA_ROOT和MEDIA_URL是:

MEDIA_ROOT = '/home/tsoporan/site/media/'
MEDIA_URL = "/media/
Run Code Online (Sandbox Code Playgroud)

我的模型upload_to参数传递了这个函数:

def get_artist_path(instance, filename):
  return os.path.join('artists', slugify(instance.name), filename)
Run Code Online (Sandbox Code Playgroud)

我的问题是:

1)如何解决此问题以备将来上传?

2)是否可以修复当前图像的路径而无需重新上载?

此致,提图斯

Pho*_*beB 58

当我在upload_to定义中添加一个前导斜杠时出现此错误.

pic = models.ImageField(upload_to="/uploads/product_images/")
Run Code Online (Sandbox Code Playgroud)

pic = models.ImageField(upload_to="uploads/product_images/")
Run Code Online (Sandbox Code Playgroud)


Pet*_*ell 30

好吧,代码中的一点点问题表明,可能存在一个更深层次的错误消息,在此过程中会出现同质化.

在django/core/files/storage.py,第210行(这是在1.1.1中)我们有:

def path(self, name):
    try:
        path = safe_join(self.location, name)
    except ValueError:
        raise SuspiciousOperation("Attempted access to '%s' denied." % name)
    return smart_str(os.path.normpath(path))
Run Code Online (Sandbox Code Playgroud)

所以错误必须来自safe_join().

在django/utils/_os.py中,我们有以下内容.注意它在第三行到最后一行引发的ValueError:

===========================

def safe_join(base, *paths):
    """
    Joins one or more path components to the base path component intelligently.
    Returns a normalized, absolute version of the final path.

    The final path must be located inside of the base path component (otherwise
    a ValueError is raised).
    """
    # We need to use normcase to ensure we don't false-negative on case
    # insensitive operating systems (like Windows).
    base = force_unicode(base)
    paths = [force_unicode(p) for p in paths]
    final_path = normcase(abspathu(join(base, *paths)))
    base_path = normcase(abspathu(base))
    base_path_len = len(base_path)
    # Ensure final_path starts with base_path and that the next character after
    # the final path is os.sep (or nothing, in which case final_path must be
    # equal to base_path).
    if not final_path.startswith(base_path) \
       or final_path[base_path_len:base_path_len+1] not in ('', sep):
        raise ValueError('the joined path is located outside of the base path'
                         ' component')
    return final_path
Run Code Online (Sandbox Code Playgroud)

==================

嗯,"连接路径位于基本路径组件之外".现在有一些对abspathu()的调用(在此例程之上定义,对于NT而言与其他操作系统不同).abspathu()通过添加当前工作目录os.cwdu()将所有非绝对路径转换为绝对路径.

问题:您的媒体目录中是否有符号链接(符号链接)?换句话说,它不是项目目录的直接子项?我不知道这是否是一个有效的问题,它只是突然出现在我脑海中.

问:什么self.locationname正在传递到safe_join()?

狂野屁股猜测:是self.location空的?

另一个疯狂的猜测:MEDIA_ROOT以某种方式改变了/media/吗?

如果您安装了自己的Django副本(这并不难),尝试在这些例程中添加一些print语句,然后将其作为开发服务器运行.打印输出将转到控制台.

更新:嗯.你说"2)self.location和name的值是:/ home/tsoporan/site/media和/media/albums/anthem-for-the-underdog/30103635.jpg"

以下路径是否有意义?

"/home/tsoporan/site/media/media/albums/anthem-for-the-underdog"
Run Code Online (Sandbox Code Playgroud)

请注意....../media/media/...在那里.

另外,这是什么操作系统?Django转?


Mat*_*our 12

作为其他人的注意事项,当您在寻找的静态文件资源中有一个双重"//"时,可能会导致此问题.

{{ STATIC_URL }}/style.css # Causes the issue it should be
{{ STATIC_URL }}style.css
Run Code Online (Sandbox Code Playgroud)