sanitize: related knowledge
-
DVWA series (2): stored XSS. Stored XSS differs from reflected XSS in that the user's input is saved on the server and executed every time the stored content is later rendered to a visitor; because it is better hidden, its impact is generally greater than that of reflected XSS. First, the source code for the low level:

    <?php
    if( isset( $_POST[ 'btnSign' ] ) ) {
        // Get input
        $message = trim( $_POST[ 'mtxMessage' ] );
        $name    = trim( $_POST[ 'txtName' ] );

        // Sanitize message input
        $message = stripslashes( $message );
        $message = ((isset($GLOBALS["___mysqli_ston"]) && is_o
-
Docker whale images (3). A laugh to start: [Who on earth named their Bluetooth device "an old sow"!!! Every time I turn Bluetooth on, the system says "an old sow wants to pair with you"!!] Question: what does a Docker image contain? Answer: the following are notes from the book 《Docker从入门到实战》. Pull an image from a registry:

    # pull the redis image
    root@ubuntu:~# sudo docker pull redis:latest

This command is equivalent to:

    root@ubuntu:~# sudo docker pull registry.hub.docker.com/redis:latest

i.e. it pulls from the registry server registry.hub.docker.com. List local images:

    root@ubuntu:~# docker images

The image list shows several fields: REPOSITORY
-
Introduction to the HyperText Transfer Protocol (HTTP). HTTP is the request/response protocol used to transfer data between a client and a server, typically hypertext from the server to the client. Main characteristics of HTTP: Supports the client/server model. Simple and fast: to request a service, a client only needs to send the request method and path; because the protocol is simple, an HTTP server can be small and communication is fast. Flexible: HTTP allows any type of data object to be transferred. Transfer
-
MySQL: view and change the default character set. View the default character set:

    SHOW VARIABLES LIKE 'character%';

character_set_client: the encoding used by the client; character_set_connection: the encoding used for the connection; character_set_database: the encoding of the database; character_set_results: the encoding of result sets; character_set_server: the encoding of the database server. As long as every part of the system uses the same encoding, garbled text is avoided. (Note that MySQL's utf8 is a 3-byte subset of UTF-8; use utf8mb4 if you need full 4-byte UTF-8 such as emoji.) Set the default character set by opening my.ini and adding:

    [mysql]
    default-character-set=utf8
    [client]
    default-character-set=utf8
    [m
sanitize: related courses
sanitize: related tutorials
- 2.1 Basic classes related to file uploads in Django. This section analyses the Django code related to file uploads. First, a few basic classes. The FileProxyMixin class: a mixin that assists with file uploads. Its source looks like this:

    # Source path: django/core/files/utils.py
    class FileProxyMixin:
        """
        A mixin class used to forward file methods to an underlaying file
        object.

        The internal file object has to be called "file"::

            class FileProxy(FileProxyMixin):
                def __init__(self, file):
                    self.file = file
        """

        encoding = property(lambda self: self.file.encoding)
        fileno = property(lambda self: self.file.fileno)
        flush = property(lambda self: self.file.flush)
        isatty = property(lambda self: self.file.isatty)
        newlines = property(lambda self: self.file.newlines)
        read = property(lambda self: self.file.read)
        readinto = property(lambda self: self.file.readinto)
        readline = property(lambda self: self.file.readline)
        readlines = property(lambda self: self.file.readlines)
        seek = property(lambda self: self.file.seek)
        tell = property(lambda self: self.file.tell)
        truncate = property(lambda self: self.file.truncate)
        write = property(lambda self: self.file.write)
        writelines = property(lambda self: self.file.writelines)

        @property
        def closed(self):
            return not self.file or self.file.closed

        def readable(self):
            if self.closed:
                return False
            if hasattr(self.file, 'readable'):
                return self.file.readable()
            return True

        def writable(self):
            if self.closed:
                return False
            if hasattr(self.file, 'writable'):
                return self.file.writable()
            return 'w' in getattr(self.file, 'mode', '')

        def seekable(self):
            if self.closed:
                return False
            if hasattr(self.file, 'seekable'):
                return self.file.seekable()
            return True

        def __iter__(self):
            return iter(self.file)

Note: to inherit from this mixin and use it normally, the inheriting class must have an instance attribute named file. The attributes on the mixin are almost identical to those of the file object returned by Python's open(), which the experiment below confirms.

The File class: the base class defined specifically for uploaded files. Straight to the source:

    # Source path: django/core/files/base.py (excerpt; the module imports os,
    # io.UnsupportedOperation and django.utils.functional.cached_property)
    class File(FileProxyMixin):
        DEFAULT_CHUNK_SIZE = 64 * 2 ** 10

        def __init__(self, file, name=None):
            self.file = file
            if name is None:
                name = getattr(file, 'name', None)
            self.name = name
            if hasattr(file, 'mode'):
                self.mode = file.mode

        def __str__(self):
            return self.name or ''

        def __repr__(self):
            return "<%s: %s>" % (self.__class__.__name__, self or "None")

        def __bool__(self):
            return bool(self.name)

        def __len__(self):
            return self.size

        @cached_property
        def size(self):
            if hasattr(self.file, 'size'):
                return self.file.size
            if hasattr(self.file, 'name'):
                try:
                    return os.path.getsize(self.file.name)
                except (OSError, TypeError):
                    pass
            if hasattr(self.file, 'tell') and hasattr(self.file, 'seek'):
                pos = self.file.tell()
                self.file.seek(0, os.SEEK_END)
                size = self.file.tell()
                self.file.seek(pos)
                return size
            raise AttributeError("Unable to determine the file's size.")

        def chunks(self, chunk_size=None):
            """
            Read the file and yield chunks of ``chunk_size`` bytes (defaults to
            ``File.DEFAULT_CHUNK_SIZE``).
            """
            chunk_size = chunk_size or self.DEFAULT_CHUNK_SIZE
            try:
                self.seek(0)
            except (AttributeError, UnsupportedOperation):
                pass

            while True:
                data = self.read(chunk_size)
                if not data:
                    break
                yield data

        def multiple_chunks(self, chunk_size=None):
            """
            Return ``True`` if you can expect multiple chunks.

            NB: If a particular file representation is in memory, subclasses should
            always return ``False`` -- there's no good reason to read from memory in
            chunks.
            """
            return self.size > (chunk_size or self.DEFAULT_CHUNK_SIZE)

        # ...

        def open(self, mode=None):
            if not self.closed:
                self.seek(0)
            elif self.name and os.path.exists(self.name):
                self.file = open(self.name, mode or self.mode)
            else:
                raise ValueError("The file cannot be reopened.")
            return self

        def close(self):
            self.file.close()

Here you can see the chunks() method we used in experiment 1 to save the uploaded file. Let's now use this File class from Django's shell to see what it can do:

    (django-manual) [root@server first_django_app]# python manage.py shell
    Python 3.8.1 (default, Dec 24 2019, 17:04:00)
    [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    (InteractiveConsole)
    >>> from django.core.files import File

Instantiating File requires a file object to wrap, so we use the upload.txt uploaded in experiment 1 as the argument:

    >>> fp = open('/root/test/django/upload.txt', 'r+')
    >>> f = File(fp)

Now we can test the various attributes and methods of the File object:

    >>> f.name
    '/root/test/django/upload.txt'
    >>> f.size
    47
    # With a 20-byte chunk size, does the file need to be read in chunks?
    >>> f.multiple_chunks(20)
    True
    # The default chunk size is 64 KB; 47 bytes is far below that, so no chunking is needed
    >>> f.multiple_chunks()
    False

We can use chunks() to read the content in pieces and then do whatever we want with it:

    >>> for c in f.chunks():
    ...     print('Read this time: {}'.format(c))
    ...
    Read this time: 测试上传文件xxxxxspyinx test upload
    >>> for c in f.chunks(20):
    ...     print('Read this time: {}'.format(c))
    ...
    Read this time: 测试上传文件xxxxxspyinx
    Read this time:  test upload

Two forms were tested above: one where no chunking is needed and the whole content is read in one go (because the default chunk size exceeds the file size), and one with a smaller chunk size, which reads at most 20 units at a time (characters here, since the file was opened in text mode; bytes for a file opened in binary mode) and prints each piece in turn.

Next, the two file classes related to uploads: TemporaryUploadedFile and InMemoryUploadedFile. Both inherit from UploadedFile, which in turn inherits from File.

    # Source path: django/core/files/uploadedfile.py
    class UploadedFile(File):
        """
        An abstract uploaded file (``TemporaryUploadedFile`` and
        ``InMemoryUploadedFile`` are the built-in concrete subclasses).

        An ``UploadedFile`` object behaves somewhat like a file object and
        represents some file data that the user submitted with a form.
        """

        def __init__(self, file=None, name=None, content_type=None, size=None, charset=None, content_type_extra=None):
            super().__init__(file, name)
            self.size = size
            self.content_type = content_type
            self.charset = charset
            self.content_type_extra = content_type_extra

        def __repr__(self):
            return "<%s: %s (%s)>" % (self.__class__.__name__, self.name, self.content_type)

        def _get_name(self):
            return self._name

        def _set_name(self, name):
            # Sanitize the file name so that it can't be dangerous.
            if name is not None:
                # Just use the basename of the file -- anything else is dangerous.
                name = os.path.basename(name)

                # File names longer than 255 characters can cause problems on older OSes.
                if len(name) > 255:
                    name, ext = os.path.splitext(name)
                    ext = ext[:255]
                    name = name[:255 - len(ext)] + ext

            self._name = name

        name = property(_get_name, _set_name)

Compared with the File base class, this class mainly adds several instance attributes; the other methods are largely unchanged. The one piece that matters for security is the name property setter, _set_name: every file name that reaches an UploadedFile is reduced to its basename, so a user-supplied name such as ../../etc/passwd cannot carry directory components into wherever the file is later saved, and the name is capped at 255 characters (keeping the extension) to avoid problems on older operating systems. Now the two File classes that inherit from it:

    class TemporaryUploadedFile(UploadedFile):
        """
        A file uploaded to a temporary location (i.e. stream-to-disk).
        """
        def __init__(self, name, content_type, size, charset, content_type_extra=None):
            _, ext = os.path.splitext(name)
            file = tempfile.NamedTemporaryFile(suffix='.upload' + ext, dir=settings.FILE_UPLOAD_TEMP_DIR)
            super().__init__(file, name, content_type, size, charset, content_type_extra)

        def temporary_file_path(self):
            """Return the full path of this file."""
            return self.file.name

        def close(self):
            try:
                return self.file.close()
            except FileNotFoundError:
                # The file was moved or deleted before the tempfile could unlink
                # it.  Still sets self.file.close_called and calls
                # self.file.file.close() before the exception.
                pass


    class InMemoryUploadedFile(UploadedFile):
        """
        A file uploaded into memory (i.e. stream-to-memory).
        """
        def __init__(self, file, field_name, name, content_type, size, charset, content_type_extra=None):
            super().__init__(file, name, content_type, size, charset, content_type_extra)
            self.field_name = field_name

        def open(self, mode=None):
            self.file.seek(0)
            return self

        def chunks(self, chunk_size=None):
            self.file.seek(0)
            yield self.read()

        def multiple_chunks(self, chunk_size=None):
            # Since it's in memory, we'll never have multiple chunks.
            return False

Both pieces of code are very simple and their logic is clear. TemporaryUploadedFile works on a temporary file created on disk, whereas InMemoryUploadedFile keeps the uploaded file in memory. Now that we know these two classes, let's look at the corresponding upload handlers: one uses TemporaryUploadedFile to save the upload into a temporary file, the other uses InMemoryUploadedFile to write the upload's content into memory:

    # Source path: django/core/files/uploadhandler.py
    class TemporaryFileUploadHandler(FileUploadHandler):
        """
        Upload handler that streams data into a temporary file.
        """
        def new_file(self, *args, **kwargs):
            """
            Create the file object to append to as data is coming in.
            """
            super().new_file(*args, **kwargs)
            # self.file is a handle on the open temporary file
            self.file = TemporaryUploadedFile(self.file_name, self.content_type, 0, self.charset, self.content_type_extra)

        # Write each received chunk into the temporary file
        def receive_data_chunk(self, raw_data, start):
            self.file.write(raw_data)

        # Finished processing the file
        def file_complete(self, file_size):
            # Rewind the file pointer to the start
            self.file.seek(0)
            # Set the file size
            self.file.size = file_size
            return self.file


    class MemoryFileUploadHandler(FileUploadHandler):
        """
        File upload handler to stream uploads into memory (used for small files).
        """

        def handle_raw_input(self, input_data, META, content_length, boundary, encoding=None):
            """
            Use the content_length to signal whether or not this handler should be
            used.
            """
            # Check the content-length header to see if we should
            # If the post is too large, we cannot use the Memory handler.
            self.activated = content_length <= settings.FILE_UPLOAD_MAX_MEMORY_SIZE

        def new_file(self, *args, **kwargs):
            super().new_file(*args, **kwargs)
            if self.activated:
                self.file = BytesIO()
                raise StopFutureHandlers()

        def receive_data_chunk(self, raw_data, start):
            """Add the data to the BytesIO file."""
            if self.activated:
                self.file.write(raw_data)
            else:
                return raw_data

        def file_complete(self, file_size):
            """Return a file object if this handler is activated."""
            if not self.activated:
                return

            self.file.seek(0)
            return InMemoryUploadedFile(
                file=self.file,
                field_name=self.field_name,
                name=self.file_name,
                content_type=self.content_type,
                size=file_size,
                charset=self.charset,
                content_type_extra=self.content_type_extra
            )

The choice between the two handlers is made from the request's declared content length compared against FILE_UPLOAD_MAX_MEMORY_SIZE: only uploads at or below that limit are buffered in memory, and anything larger is streamed to a temporary file, so a single large upload cannot exhaust the process's memory.
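The following is an added example, not Django's own code and not part of the original tutorial. It reproduces in one small, runnable module the two behaviours the section walks through: the file name sanitisation done by UploadedFile._set_name (plus a stricter variant, since os.path.basename only understands the native path separator and lets "", "." and ".." through), and the memory-versus-temporary-file decision made by MemoryFileUploadHandler and TemporaryFileUploadHandler from the declared content length. The class and function names, the tiny MAX_MEMORY_SIZE limit, the extra Content-Length consistency check and the sample uploads are all assumptions made for this example.

```python
# Added example (not Django's own code): a minimal upload sink mirroring
# UploadedFile._set_name and the memory/temp-file choice of Django's two
# upload handlers. All names, limits and sample inputs are constructed here.
import io
import os
import tempfile

# Assumed stand-in for settings.FILE_UPLOAD_MAX_MEMORY_SIZE (Django's default is
# 2.5 MB); kept tiny so the switch to a temporary file is easy to exercise.
MAX_MEMORY_SIZE = 64


def django_style_name(name):
    """Replicates UploadedFile._set_name as shown above: keep only the basename,
    then cap the length at 255 characters while preserving the extension."""
    if name is None:
        return None
    name = os.path.basename(name)
    if len(name) > 255:
        name, ext = os.path.splitext(name)
        ext = ext[:255]
        name = name[:255 - len(ext)] + ext
    return name


def strict_name(name):
    """Stricter variant (an addition, not Django code). os.path.basename only
    understands the native separator, so on POSIX a backslash-separated Windows
    path survives untouched, and '', '.' and '..' survive basename() as well."""
    if name is None:
        raise ValueError("missing filename")
    name = django_style_name(name.replace("\\", "/"))
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError("unsafe filename: %r" % name)
    return name


def is_safe_name(name):
    """True if strict_name() accepts the name."""
    try:
        strict_name(name)
        return True
    except ValueError:
        return False


class UploadSink:
    """Mirrors MemoryFileUploadHandler / TemporaryFileUploadHandler: buffer in
    memory when the declared Content-Length fits, otherwise stream to disk."""

    def __init__(self, name, content_length, tmp_dir=None):
        self.name = strict_name(name)
        self.content_length = content_length
        self.size = 0
        self.in_memory = content_length <= MAX_MEMORY_SIZE
        if self.in_memory:
            self.file = io.BytesIO()
        else:
            _, ext = os.path.splitext(self.name)
            # Same suffix convention as TemporaryUploadedFile: '.upload' + ext.
            self.file = tempfile.NamedTemporaryFile(suffix=".upload" + ext, dir=tmp_dir)

    def receive_data_chunk(self, raw_data):
        self.size += len(raw_data)
        # The memory/disk decision trusted the declared length; refuse a body
        # that turns out to be larger than what was declared (added check).
        if self.size > self.content_length:
            raise ValueError("body exceeds declared Content-Length")
        self.file.write(raw_data)

    def file_complete(self):
        self.file.seek(0)  # rewind, as both Django handlers do
        return self

    def read(self):
        self.file.seek(0)
        return self.file.read()

    def temporary_file_path(self):
        return None if self.in_memory else self.file.name

    def close(self):
        self.file.close()  # a NamedTemporaryFile unlinks itself here


def handle_upload(name, content_length, chunks):
    """Drive a sink with constructed chunks and return a summary of the result."""
    sink = UploadSink(name, content_length)
    try:
        for chunk in chunks:
            sink.receive_data_chunk(chunk)
        sink.file_complete()
        return {
            "name": sink.name,
            "in_memory": sink.in_memory,
            "size": sink.size,
            "data": sink.read(),
            "tmp_path": sink.temporary_file_path(),
        }
    finally:
        sink.close()


def upload_accepted(name, content_length, chunks):
    """False when the name is unsafe or the body exceeds the declared length."""
    try:
        handle_upload(name, content_length, chunks)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample uploads, not captured traffic.
    print(handle_upload("../../etc/passwd", 11, [b"hello ", b"world"]))
    print(handle_upload("report.pdf", 200, [b"x" * 100, b"y" * 100]))
    print(upload_accepted("a.txt", 5, [b"hello world"]))
```

Run it as a script to see the traversal-style name collapse to "passwd" in memory, the 200-byte upload land in a temporary file whose path ends in ".upload.pdf", and the over-declared body be rejected. The backslash normalisation in strict_name matters on Linux servers that receive uploads from Windows clients: Django's basename() call alone would keep "..\..\win.ini" whole, which is harmless for os.path.join on POSIX but may not be for whatever later consumes the name.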
- 5-17 GridFS - viewing the admin face data  Spring Cloud distributed microservices in practice
- Swagger Codegen: installing the mainstream environment  Learn Swagger from scratch: the complete knowledge system
- ES6+ Promise, advanced  Explaining ES6+ syntax and usage from scratch
- Functional interfaces  The best first language for employment
- Scheduled log analysis - unit tests  A one-line introduction