folder traversal
Remember to create a new folder named static next to the script, otherwise the script will not work:
file_operations.py
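"""Minimal Flask file manager: upload, delete, create and browse under ./static.

SECURITY NOTE: the app has no authentication and no CSRF protection, so every
client that can reach the port can change the files below ``static``. Uploaded
files are written into the folder Flask serves at /static/, which means
uploaded HTML or script files are served back from the application's own
origin. There is also no upload size limit configured (Flask's
MAX_CONTENT_LENGTH is unset). Keep the server bound to localhost.
"""
import os
import sys
from urllib.parse import unquote

from flask import Flask, abort, redirect, render_template, request

app = Flask(__name__)

hdd_location = os.path.dirname(os.path.realpath(sys.argv[0]))
STATIC_PREFIX = "/static/"
# Canonical path of the only directory tree the routes are allowed to touch.
static_root = os.path.realpath(os.path.join(hdd_location, "static"))

# NOTE: process-wide state. Every client shares this one "current folder".
current_folder = STATIC_PREFIX


def _resolve_in_static(relative_path):
    """Map an application path such as "/static/a/b" to a real filesystem path.

    The path is canonicalised (".." segments and symlinks resolved) and must
    end up inside ``static_root``; anything else is rejected with HTTP 400.
    All request-supplied names go through this check before they reach the
    filesystem.
    """
    try:
        candidate = os.path.realpath(
            os.path.join(hdd_location, relative_path.lstrip("/"))
        )
        common = os.path.commonpath([static_root, candidate])
        inside = os.path.normcase(common) == os.path.normcase(static_root)
    except ValueError:
        # Raised for embedded NUL bytes or, on Windows, paths on another drive.
        inside = False
    if not inside:
        abort(400)
    return candidate


#-- UPLOAD FILES:
@app.route("/upload", methods=["POST"])
def upload():
    """Save the uploaded file into the current folder and return to the index."""
    file = request.files["fileToUpload"]
    # The client chooses the filename, so keep only its last path component
    # and refuse names that would denote a directory.
    name = os.path.basename((file.filename or "").replace("\\", "/"))
    if name in ("", ".", ".."):
        abort(400)
    # An existing file with the same name is overwritten.
    file.save(_resolve_in_static(current_folder + name))
    return redirect("/")


#-- DELETE FILES:
@app.route("/delete", methods=["POST"])
def delete():
    """Delete one file below the static root.

    The template submits the value of url_for('static', ...), which is
    URL-quoted, so it is unquoted first and validated afterwards.
    """
    filename = unquote(request.form["delete"])
    target = _resolve_in_static(filename)
    if not os.path.isfile(target):
        abort(404)
    os.remove(target)
    return redirect("/")


#-- CREATE FOLDERS:
@app.route("/create", methods=["POST"])
def create():
    """Create a folder (nested names allowed) inside the current folder."""
    folder = request.form["folderToCreate"]
    if not folder.strip():
        abort(400)
    os.makedirs(_resolve_in_static(current_folder + folder), exist_ok=True)
    return redirect("/")


#-- NAV DOWN FOLDER:
def goDownFolder(origin):
    """Return the parent of *origin*, e.g. "/static/first/second/" -> "/static/first/"."""
    parts = [part for part in origin.split("/") if part]  # [static, first, second]
    return "/" + "/".join(parts[:-1]) + "/"


#-- NAV FOLDER:
@app.route("/traverse", methods=["POST"])
def traverse():
    """Change the shared current folder to its parent or to a sub-folder."""
    global current_folder
    requested_folder = request.form["traverseToFolder"]
    if requested_folder == "..":
        # Never climb above the static root.
        if current_folder != STATIC_PREFIX:
            current_folder = goDownFolder(current_folder)
        return redirect("/")

    target = _resolve_in_static(current_folder + requested_folder)
    if not os.path.isdir(target):
        abort(404)
    # Store the canonical form so no ".." segment is kept in current_folder.
    relative = os.path.relpath(target, static_root)
    if relative == os.curdir:
        current_folder = STATIC_PREFIX
    else:
        current_folder = STATIC_PREFIX + relative.replace(os.sep, "/") + "/"
    return redirect("/")


@app.route("/")
def start():
    """Render the listing of the current folder."""
    return render_template("file_operations.html", items=getItems(), folder=current_folder)


def getItems():
    """Return [files, folders] for the current folder, skipping dot-entries.

    File names are given relative to the static root, which is the form
    url_for('static', filename=...) expects in the template; folder names are
    bare entry names.
    """
    fileList = []
    folderList = []
    # Strip only the leading "/static/"; it is the root of the application.
    prefix = current_folder[len(STATIC_PREFIX):]
    with os.scandir(hdd_location + current_folder) as entries:
        for item in entries:
            if item.name.startswith("."):
                continue
            if item.is_file():
                fileList.append(prefix + item.name)
            elif item.is_dir():
                folderList.append(item.name)
    return [fileList, folderList]


if __name__ == "__main__":
    # Debug mode turns on the Werkzeug interactive debugger, which executes
    # Python in the server process, so it is opt-in via FLASK_DEBUG=1 only.
    app.run(debug=os.environ.get("FLASK_DEBUG") == "1")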
templates\file_operations.html
<style>
  form {
    border: 2px solid black;
    width: 200px;
  }
</style>

<h1>{{ folder }}</h1>

<!-- Upload: send one file to the folder named in the heading -->
<form action="/upload" method="post" enctype="multipart/form-data">
  <input type="file" name="fileToUpload" id="fileToUpload"><br>
  <input type="submit" value="upload file" name="submit">
</form><br>

<!-- Files: items[0], each with a download link and a delete button -->
{# The delete value is only a hint from the browser; the server has to validate the path it receives. #}
<form action="/delete" method="post">
  {% for entry in items[0] %}
    <a href="{{ url_for('static', filename=entry) }}">{{ entry }}</a>
    <button type="submit" name="delete" value="{{ url_for('static', filename=entry) }}">del</button><br>
  {% endfor %}
</form><br>

<!-- Folders: ".." goes to the parent, items[1] lists the sub-folders -->
<form action="/traverse" method="post">
  <button type="submit" name="traverseToFolder" value="..">..</button><br>
  {% for entry in items[1] %}
    <button type="submit" name="traverseToFolder" value="{{ entry }}">{{ entry }}</button><br>
  {% endfor %}
</form><br>

<!-- New folder: created inside the folder named in the heading -->
<form action="/create" method="post">
  <input type="text" name="folderToCreate" id="folderToCreate"><br>
  <input type="submit" value="create folder" name="submit">
</form><br>