diff options
| author | Filipp Lepalaan <filipp@mac.com> | 2015-12-05 14:27:15 +0200 |
|---|---|---|
| committer | Filipp Lepalaan <filipp@mac.com> | 2015-12-05 14:27:15 +0200 |
| commit | 98f2848dc4618e8f5373bcdf2b85dac3ee28db0c (patch) | |
| tree | 3e3faa2295a820177b95977649d62a149bbebc45 /servo | |
| parent | ea3518103895ad380d531502e32b03edf14cde47 (diff) | |
| download | Servo-98f2848dc4618e8f5373bcdf2b85dac3ee28db0c.tar.gz Servo-98f2848dc4618e8f5373bcdf2b85dac3ee28db0c.tar.bz2 Servo-98f2848dc4618e8f5373bcdf2b85dac3ee28db0c.zip | |
Only accept HTML order templates
Diffstat (limited to 'servo')
| -rw-r--r-- | servo/forms/admin.py | 9 | ||||
| -rw-r--r-- | servo/lib/utils.py | 5 |
2 files changed, 14 insertions, 0 deletions
diff --git a/servo/forms/admin.py b/servo/forms/admin.py index 5118fc0..e69c12e 100644 --- a/servo/forms/admin.py +++ b/servo/forms/admin.py @@ -164,6 +164,15 @@ class QueueForm(BaseModelForm): self.fields['status_dispatched'].queryset = queryset self.fields['status_closed'].queryset = queryset + def clean_order_template(self): + from servo.lib.utils import file_type + tpl = self.cleaned_data.get('order_template') + ftype = file_type(tpl.file.read()) + if ftype != 'text/html': + raise forms.ValidationError(_('Print tempates must be in HTML format')) + + return tpl + class StatusForm(BaseModelForm): class Meta: diff --git a/servo/lib/utils.py b/servo/lib/utils.py index 6644a7e..2994fb3 100644 --- a/servo/lib/utils.py +++ b/servo/lib/utils.py @@ -8,6 +8,11 @@ from django.core.serializers.json import DjangoJSONEncoder from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger +def file_type(buf): + import magic + return magic.from_buffer(buf, mime=True) + + def paginate(queryset, page, count=10): """ Shortcut for paginating a queryset |