folder traversal
Remember to create a new static folder for script to work:
file_operations.py
from flask import *import os, sysapp = Flask(__name__)hdd_location = os.path.dirname(os.path.realpath(sys.argv[0]))current_folder = "/static/"#-- UPLOAD FILES:@app.route("/upload", methods=["POST"])def upload():file = request.files["fileToUpload"]file.save(os.path.join(hdd_location + current_folder, file.filename))return redirect("/")#-- DELETE FILES:@app.route("/delete", methods=["POST"])def delete():filename = request.form["delete"]os.remove(os.path.join(hdd_location + filename))return redirect("/")#-- CREATE FOLDERS:@app.route("/create", methods=["POST"])def create():folder = request.form["folderToCreate"]os.makedirs(os.path.join(hdd_location + current_folder, folder))return redirect("/")#-- NAV DOWN FOLDER:def goDownFolder(origin):temp = current_folder.split("/") #['',static,first,second,'']temp = list(filter(None, temp)) #[static,first,second]return "/" + ('/'.join(temp[:-1:])) + "/" #/static/first/#-- NAV FOLDER:@app.route("/traverse", methods=["POST"])def traverse():global current_folderrequested_folder = request.form["traverseToFolder"]if requested_folder == "..": #go down folderif current_folder == "/static/": #if not at /static/:return redirect("/")else:current_folder = goDownFolder(current_folder)else:current_folder = current_folder + requested_folder + "/"return redirect("/")@app.route("/")def start():return render_template("file_operations.html",items=getItems(),folder=current_folder)def getItems():fileList = []folderList = []for item in os.scandir(hdd_location + current_folder):if not item.name.startswith('.') and item.is_file():if current_folder == '/static/':fileList.append(item.name)else:#remove '/static/' as this is root of application:temp = current_folder.replace("/static/","")temp = temp + item.namefileList.append(temp)else:folderList.append(item.name)return [fileList, folderList]app.run(debug=True)
templates\file_operations.html
form { border: 2px solid black; width: 200px; }{{folder}}<!-- UPLOAD FILES: -->action="/upload" method="post" enctype="multipart/form-data"type="file" name="fileToUpload" id="fileToUpload"type="submit" value="upload file" name="submit"<!-- DISPLAY FILES: -->action="/delete" method="post"{% for each in items[0] %}href="{{ url_for('static', filename=each) }}">{{each}}type="submit" name="delete" value="{{ url_for('static', filename=each) }}">del{% endfor %}<!-- DISPLAY FOLDERS: -->action="/traverse" method="post"type="submit" name="traverseToFolder" value=".."..{% for each in items[1] %}type="submit" name="traverseToFolder" value="{{each}}">{{each}}{% endfor %}<!-- MAKE FOLDERS: -->action="/create" method="post"type="text" name="folderToCreate" id="folderToCreate"type="submit" value="create folder" name="submit"