diff --git a/g3w-admin/base/settings/base.py b/g3w-admin/base/settings/base.py index 9b4426899..d64abc5e0 100644 --- a/g3w-admin/base/settings/base.py +++ b/g3w-admin/base/settings/base.py @@ -402,4 +402,7 @@ SOCIALACCOUNT_ONLY = True SOCIALACCOUNT_USER_ROLE = 'Viewer Level 1' -ACCOUNT_EMAIL_VERIFICATION = 'none' \ No newline at end of file +ACCOUNT_EMAIL_VERIFICATION = 'none' + +# For iframe +X_FRAME_OPTIONS = 'SAMEORIGIN' \ No newline at end of file diff --git a/g3w-admin/core/static/css/g3wadmin.css b/g3w-admin/core/static/css/g3wadmin.css index 22da77ea0..e7cba0f53 100644 --- a/g3w-admin/core/static/css/g3wadmin.css +++ b/g3w-admin/core/static/css/g3wadmin.css @@ -280,4 +280,13 @@ For general layout */ .pdl10 { padding-left: 10px; +} + +/* +For to reset the .form-control class effect + */ +input.uploadwidget { + border: none; + padding: 0px; + height: auto; } \ No newline at end of file diff --git a/g3w-admin/core/static/dist/css/g3wadmin.min.css b/g3w-admin/core/static/dist/css/g3wadmin.min.css index 147a3652a..3f4205d23 100644 --- a/g3w-admin/core/static/dist/css/g3wadmin.min.css +++ b/g3w-admin/core/static/dist/css/g3wadmin.min.css 
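Review bot: In g3w-admin/base/settings/base.py the new `X_FRAME_OPTIONS = 'SAMEORIGIN'` applies project-wide, and the `# For iframe` comment does not say which page has to be framed or by what. Django's clickjacking middleware sends `DENY` by default from Django 3.0 on, so this relaxes framing protection for every view rather than only the one that needs embedding. If only a few views are shown inside a same-origin iframe, keeping the global default and decorating those views with `@xframe_options_sameorigin` would be narrower. Either way the comment should record the reason, for example `# <feature name> is embedded in a same-origin iframe; cross-origin framing stays blocked`.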
@@ -1 +1 @@ -.box-footer .description-block .icon{font-size:30px}.box-footer .projects-group{text-align:left}table span.icon{font-size:22px}table span.iconmap{font-size:30px}.icon .ion-trash-b,.qq-upload-cancel .ion-close,.qq-upload-delete .ion-trash-b{color:#bf2d2d}.icon .ion-trash-b:hover{color:#f28a7e}.icon .ion-android-upload{color:#605ca8}.widget-group-add{height:192px;text-align:center;font-size:136px;background-color:rgba(255,255,255,.7)}.widget-group-add a{color:rgba(0,0,0,.15)}.widget-group-title{background-color:rgba(0,0,0,.5)}.qq-upload-drop-area,.qq-upload-extra-drop-area{background-color:#ecf0f5;border:2px dotted gray}.qq-upload-list li{background-color:transparent}.qq-upload-list li.qq-upload-success{background-color:transparent;color:inherit}.qq-upload-list li.qq-upload-fail{background-color:transparent;color:red}.qq-upload-cancel,.qq-upload-continue,.qq-upload-delete,.qq-upload-pause,.qq-upload-retry,.qq-upload-size{font-size:18px;font-weight:400}.qq-upload-cancel,.qq-upload-delete{color:#bf2d2d}.qq-upload-file{font-size:12px}.qq-upload-button-selector{width:100%;height:120px;border:2px dashed #3c8dbc;padding-top:50px;color:#3c8dbc;text-align:center}.qq-upload-button-selector:hover{background-color:#ecf0f5}.select2{color:#000}.modalMap{height:400px}h5 small{color:#fff}.sort-highlight-group{background:#f4f4f4;border:1px dashed #ddd;margin-bottom:10px;height:192px}.sort-highlight-project{background:#ced4da;height:112px}.widget-user .widget-user-username{font-weight:400}.acl-box .help-block{color:#fff}.color-orange{color:#ff4500}.color-orange:hover{color:#ff4500;opacity:80%}.color-red{color:#bf2d2d}.color-red:hover{color:#bf2d2d;opacity:80%}.label-action-layer{position:absolute;top:-9px;right:1px;text-align:center;font-size:11px;padding:2px 3px;line-height:.9}#qdjango_projects_list table a.project-thumb:hover img{border:2px solid #ff4500}.search-admin-input{width:245px;padding-right:24px;border:none;border-bottom:2px solid #fff;color:#fff;background:0 
0;font-size:20px}.search-admin-input::placeholder{color:#fff}.search-admin-input:focus{border-color:#fff}.result-search-item{margin-bottom:10px;margin-left:10px;margin-right:10px;padding:5px}.result-search-item-odd{background:#fff}.result-search-item-odd{background:#d8dee9}.result-search-item-links{font-size:150%}div.not-show li,div.vector-download li{list-style:none;box-sizing:border-box;display:list-item;padding:10px;padding-bottom:6px;padding-top:6px}div.not-show>ul.menu,div.vector-download>ul.menu{padding:0}.group-abstract-action,.project-abstract-action{margin-left:-10px}input[type=file]::file-selector-button{margin-right:20px;border:none;background:#00c0ef;padding:10px 20px;border-radius:2px;color:#fff;cursor:pointer;transition:background .2s ease-in-out}input[type=file]::file-selector-button:hover{background:#00acd6}.translate{border:1px dashed #069}.translate+div.note-editor{border:1px dashed #069}.translatable_fields{display:inline-block;width:40px;height:20px}a.layer-action{cursor:pointer}.register-box{width:720px;margin:7% auto}.recaptcha{padding-left:9px}.recaptcha-registration{padding-left:11.5px}.project_layers_action-content>div.row{font-size:16px;margin:-10px;margin-bottom:20px;margin-top:20px}.project_layers_action-content>div.row>div:first-child{text-align:right}.project_layers_action-content>div.row>div:last-child{font-size:22px}.dashboard-box-footer-icon{font-size:24px}.dashboard-box-footer-text{font-size:14px}.pholder-item{background:#fff;border:1px solid;border-color:#e5e6e9 #dfe0e4 #d0d1d5;border-radius:3px;padding:12px;margin:0 auto}@keyframes placeHolderShimmer{0%{background-position:-468px 0}100%{background-position:468px 0}}.animated-background{animation-duration:1s;animation-fill-mode:forwards;animation-iteration-count:infinite;animation-name:placeHolderShimmer;animation-timing-function:linear;background:#f6f7f8;background:linear-gradient(to right,#eee 8%,#ddd 18%,#eee 33%);background-size:800px 
104px;height:96px;position:relative}.background-masker{background:#fff;position:absolute}.background-masker.header-bottom,.background-masker.header-top,.background-masker.subheader-bottom{top:0;left:40px;right:0;height:10px}.background-masker.header-left,.background-masker.header-right,.background-masker.subheader-left,.background-masker.subheader-right{top:10px;left:40px;height:8px;width:10px}.background-masker.header-bottom{top:18px;height:6px}.background-masker.subheader-left,.background-masker.subheader-right{top:24px;height:6px}.background-masker.header-right,.background-masker.subheader-right{width:auto;left:300px;right:0}.background-masker.subheader-right{left:230px}.background-masker.subheader-bottom{top:30px;height:10px}.background-masker.content-first-end,.background-masker.content-second-end,.background-masker.content-second-line,.background-masker.content-third-end,.background-masker.content-third-line,.background-masker.content-top{top:40px;left:0;right:0;height:6px}.background-masker.content-top{height:20px}.background-masker.content-first-end,.background-masker.content-second-end,.background-masker.content-third-end{width:auto;left:380px;right:0;top:60px;height:8px}.background-masker.content-second-line{top:68px}.background-masker.content-second-end{left:420px;top:74px}.background-masker.content-third-line{top:82px}.background-masker.content-third-end{left:300px;top:88px} \ No newline at end of file +.box-footer .description-block .icon{font-size:30px}.box-footer .projects-group{text-align:left}table span.icon{font-size:22px}table span.iconmap{font-size:30px}.icon .ion-trash-b,.qq-upload-cancel .ion-close,.qq-upload-delete .ion-trash-b{color:#bf2d2d}.icon .ion-trash-b:hover{color:#f28a7e}.icon .ion-android-upload{color:#605ca8}.widget-group-add{height:192px;text-align:center;font-size:136px;background-color:rgba(255,255,255,.7)}.widget-group-add 
a{color:rgba(0,0,0,.15)}.widget-group-title{background-color:rgba(0,0,0,.5)}.qq-upload-drop-area,.qq-upload-extra-drop-area{background-color:#ecf0f5;border:2px dotted gray}.qq-upload-list li{background-color:transparent}.qq-upload-list li.qq-upload-success{background-color:transparent;color:inherit}.qq-upload-list li.qq-upload-fail{background-color:transparent;color:red}.qq-upload-cancel,.qq-upload-continue,.qq-upload-delete,.qq-upload-pause,.qq-upload-retry,.qq-upload-size{font-size:18px;font-weight:400}.qq-upload-cancel,.qq-upload-delete{color:#bf2d2d}.qq-upload-file{font-size:12px}.qq-upload-button-selector{width:100%;height:120px;border:2px dashed #3c8dbc;padding-top:50px;color:#3c8dbc;text-align:center}.qq-upload-button-selector:hover{background-color:#ecf0f5}.select2{color:#000}.modalMap{height:400px}h5 small{color:#fff}.sort-highlight-group{background:#f4f4f4;border:1px dashed #ddd;margin-bottom:10px;height:192px}.sort-highlight-project{background:#ced4da;height:112px}.widget-user .widget-user-username{font-weight:400}.acl-box .help-block{color:#fff}.color-orange{color:#ff4500}.color-orange:hover{color:#ff4500;opacity:80%}.color-red{color:#bf2d2d}.color-red:hover{color:#bf2d2d;opacity:80%}.label-action-layer{position:absolute;top:-9px;right:1px;text-align:center;font-size:11px;padding:2px 3px;line-height:.9}#qdjango_projects_list table a.project-thumb:hover img{border:2px solid #ff4500}.search-admin-input{width:245px;padding-right:24px;border:none;border-bottom:2px solid #fff;color:#fff;background:0 0;font-size:20px}.search-admin-input::placeholder{color:#fff}.search-admin-input:focus{border-color:#fff}.result-search-item{margin-bottom:10px;margin-left:10px;margin-right:10px;padding:5px}.result-search-item-odd{background:#fff}.result-search-item-odd{background:#d8dee9}.result-search-item-links{font-size:150%}div.not-show li,div.vector-download 
li{list-style:none;box-sizing:border-box;display:list-item;padding:10px;padding-bottom:6px;padding-top:6px}div.not-show>ul.menu,div.vector-download>ul.menu{padding:0}.group-abstract-action,.project-abstract-action{margin-left:-10px}input[type=file]::file-selector-button{margin-right:20px;border:none;background:#00c0ef;padding:10px 20px;border-radius:2px;color:#fff;cursor:pointer;transition:background .2s ease-in-out}input[type=file]::file-selector-button:hover{background:#00acd6}.translate{border:1px dashed #069}.translate+div.note-editor{border:1px dashed #069}.translatable_fields{display:inline-block;width:40px;height:20px}a.layer-action{cursor:pointer}.register-box{width:720px;margin:7% auto}.recaptcha{padding-left:9px}.recaptcha-registration{padding-left:11.5px}.project_layers_action-content>div.row{font-size:16px;margin:-10px;margin-bottom:20px;margin-top:20px}.project_layers_action-content>div.row>div:first-child{text-align:right}.project_layers_action-content>div.row>div:last-child{font-size:22px}.pdl10{padding-left:10px}input.uploadwidget{border:none;padding:0;height:auto}.dashboard-box-footer-icon{font-size:24px}.dashboard-box-footer-text{font-size:14px}.pholder-item{background:#fff;border:1px solid;border-color:#e5e6e9 #dfe0e4 #d0d1d5;border-radius:3px;padding:12px;margin:0 auto}@keyframes placeHolderShimmer{0%{background-position:-468px 0}100%{background-position:468px 0}}.animated-background{animation-duration:1s;animation-fill-mode:forwards;animation-iteration-count:infinite;animation-name:placeHolderShimmer;animation-timing-function:linear;background:#f6f7f8;background:linear-gradient(to right,#eee 8%,#ddd 18%,#eee 33%);background-size:800px 
104px;height:96px;position:relative}.background-masker{background:#fff;position:absolute}.background-masker.header-bottom,.background-masker.header-top,.background-masker.subheader-bottom{top:0;left:40px;right:0;height:10px}.background-masker.header-left,.background-masker.header-right,.background-masker.subheader-left,.background-masker.subheader-right{top:10px;left:40px;height:8px;width:10px}.background-masker.header-bottom{top:18px;height:6px}.background-masker.subheader-left,.background-masker.subheader-right{top:24px;height:6px}.background-masker.header-right,.background-masker.subheader-right{width:auto;left:300px;right:0}.background-masker.subheader-right{left:230px}.background-masker.subheader-bottom{top:30px;height:10px}.background-masker.content-first-end,.background-masker.content-second-end,.background-masker.content-second-line,.background-masker.content-third-end,.background-masker.content-third-line,.background-masker.content-top{top:40px;left:0;right:0;height:6px}.background-masker.content-top{height:20px}.background-masker.content-first-end,.background-masker.content-second-end,.background-masker.content-third-end{width:auto;left:380px;right:0;top:60px;height:8px}.background-masker.content-second-line{top:68px}.background-masker.content-second-end{left:420px;top:74px}.background-masker.content-third-line{top:82px}.background-masker.content-third-end{left:300px;top:88px} \ No newline at end of file diff --git a/g3w-admin/filemanager/filemanager.py b/g3w-admin/filemanager/filemanager.py index 859560b5c..5f642df7f 100644 --- a/g3w-admin/filemanager/filemanager.py +++ b/g3w-admin/filemanager/filemanager.py @@ -6,7 +6,7 @@ from django.core.files.base import ContentFile from core.utils.response import send_file from core.utils.request import is_ajax -from qdjango.utils.storage import OverwriteStorage +from .utils.storage import FileManagerOverwriteStorage from .filemanagerresponse import FileManagerResponse import os import shutil 
@@ -31,7 +31,7 @@ def __init__(self, request, root_folder=None): if root_folder: self.root = root_folder - self.storage = OverwriteStorage(location=root_folder) + self.storage = FileManagerOverwriteStorage(location=root_folder) def fileManagerError(self, title='FORBIDDEN_CHAR_SLASH', path='/'): return self.error(title, path) diff --git a/g3w-admin/filemanager/utils/__init__.py b/g3w-admin/filemanager/utils/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/g3w-admin/filemanager/utils/storage.py b/g3w-admin/filemanager/utils/storage.py new file mode 100644 index 000000000..7d3a42002 --- /dev/null +++ b/g3w-admin/filemanager/utils/storage.py @@ -0,0 +1,40 @@ +# coding=utf-8 +"""" +File storage for filemanager module +.. note:: This program is free software; you can redistribute it and/or modify + it under the terms of the Mozilla Public License 2.0. + +""" + +__author__ = 'lorenzetti@gis3w.it' +__date__ = '2025-01-18' +__copyright__ = 'Copyright 2015 - 2025, Gis3w' +__license__ = 'MPL 2.0' + +from django.core.files import File +from qdjango.utils.storage import OverwriteStorage + + +class FileManagerOverwriteStorage(OverwriteStorage): + """ + Custom storage for filemanager module + """ + + def save(self, name, content, max_length=None): + """ + Override save method for bypass trasversal storage file checking + """ + # Get the proper name for the file, as it will actually be saved. + if name is None: + name = content.name + + if not hasattr(content, "chunks"): + content = File(content, name) + + # Potentially find a different name depending on storage constraints. + name = self.get_available_name(name, max_length=max_length) + + # The save operation should return the actual name of the file saved. + name = self._save(name, content) + + return name \ No newline at end of file diff --git a/g3w-admin/qdjango/utils/storage.py b/g3w-admin/qdjango/utils/storage.py index ae454dbb6..0e2e4718f 100644 --- a/g3w-admin/qdjango/utils/storage.py 
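Review bot: `FileManagerOverwriteStorage.save` in g3w-admin/filemanager/utils/storage.py reproduces the base `Storage.save` without its file-name validation, and `FileManager.__init__` now uses this class, so a name containing `..` segments or an absolute path is no longer rejected at this layer. Containment under `root_folder` then rests on what `get_available_name` and `_save` do in the parent classes, which this diff does not show; if `OverwriteStorage` derives from `FileSystemStorage`, `_save` still resolves the name through `self.path()`, but that should be confirmed and pinned by a test rather than assumed. The docstring should say which legitimate filemanager names the stock check rejects and what invariant replaces it, instead of only "bypass trasversal storage file checking". Assuming the `FileSystemStorage` base, a narrower form keeps the override but adds `self.path(name)  # raises SuspiciousFileOperation when name resolves outside self.location` ahead of the `self.get_available_name(...)` call, so nothing touches the disk with an unchecked name.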
+++ b/g3w-admin/qdjango/utils/storage.py @@ -22,9 +22,4 @@ def get_available_name(self, name, max_length=None): class QgisFileOverwriteStorage(OverwriteStorage): - - pass - ''' - def url(self, name): - return reverse('qdjango-project-download', args=(name,)) - ''' \ No newline at end of file + pass \ No newline at end of file