Logo Search packages:      
Sourcecode: zope-attachmentfield version File versions  Download package

def AttachmentField::AttachmentFieldTool::AttachmentFieldTool::manageDownload (   self,
  context,
  traverse_subpath 
)

    Manage downlad mechanism (headers, etc)

Definition at line 138 of file AttachmentFieldTool.py.

00138                                                        :
        """
            Manage downlad mechanism (headers, etc)
        """

        request = context.REQUEST
        response = request.RESPONSE

        if len(traverse_subpath) != 1:
            raise BadRequest("Attachment download called with wrong reference.")

        fieldName = traverse_subpath[0]
        field = context.getField(fieldName)

        if not field:
            raise BadRequest("Attachment download called on unexistent field: %s" % fieldName)
        elif hasattr(field, 'getFields'):
            index = int(request.form.get(name))
            field = field.getFields()[index + 1]


        widget = field.widget
        if hasattr(widget, "contentDisposition"):
            if widget.contentDisposition in self.getAvailableContentDisposition():
                ## disposition is defined by widget
                disposition = widget.contentDisposition
            else:
                raise ValueError(
                    "contentDisposition %s is not in %s." % (
                        widget.contentDisposition, self.getAvailableContentDisposition()
                    )
                )
        else:
            ## default site wide choice
            disposition = self.getContentDisposition()

        ## We have to force disposition to "attachment" when content type is text/*
        ## Alexander Limi said:
        ## Crucially, absolutely NO files with the MIME type text/* should ever be  
        ## rendered inline, since this opens up for uploading HTML files and using  
        ## them as spam redirection URLs. Internet Explorer renders anything with  
        ## text/* as HTML, so it is not sufficient to just block text/html,  
        ## unfortunately.

        contentType = field.getContentType(context)
        if contentType.startswith("text/"):
            disposition = "attachment"

        result = field.download(context, request)

        response.setHeader(
            'Content-Disposition',
            '%s; filename="%s"' % (disposition, field.getFilename(context))
        )
        return result


InitializeClass(AttachmentFieldTool)
InitializeClass(AttachmentFieldTool)


Generated by  Doxygen 1.6.0   Back to index