Only accept a certain file type in FileField, server-side

by

One very easy way is to use a custom validator.

In your app’s validators.py:

def validate_file_extension(value):
    import os
    from django.core.exceptions import ValidationError
    ext = os.path.splitext(value.name)[1]  # [0] returns path+filename
    valid_extensions = ['.pdf', '.doc', '.docx', '.jpg', '.png', '.xlsx', '.xls']
    if not ext.lower() in valid_extensions:
        raise ValidationError('Unsupported file extension.')

Then in your models.py:

from .validators import validate_file_extension

… and use the validator for your form field:

class Document(models.Model):
    file = models.FileField(upload_to="documents/%Y/%m/%d", validators=[validate_file_extension])

See also: How to limit file types on file uploads for ModelForms with FileFields?.

Warning

For securing your code execution environment from malicious media files

  1. Use Exif libraries to properly validate the media files.
  2. Separate your media files from your application code
    execution environment
  3. If possible use solutions like S3, GCS, Minio or
    anything similar
  4. When loading media files on client side, use client native methods (for example if you are loading the media files non securely in a
    browser, it may cause execution of “crafted” JavaScript code)

More Related Contents:

  1. Django File upload size limit
  2. how to unit test file upload in django
  3. multiple files upload using same input name in django
  4. UnicodeEncodeError: ‘ascii’ codec can’t encode character
  5. Extending the User model with custom fields in Django
  6. log all sql queries
  7. How can I get the full/absolute URL (with domain) in Django?
  8. Django stops working with RuntimeError: populate() isn’t reentrant
  9. How to resolve “django.core.exceptions.ImproperlyConfigured: Application labels aren’t unique, duplicates: foo” in Django 1.7?
  10. Creating a extended user profile
  11. Django 1.11 Annotating a Subquery Aggregate
  12. How to update an object from edit form in Django?
  13. Navigation in django
  14. Inline Form Validation in Django
  15. Django Template – Increment the value of a variable
  16. Django custom managers – how do I return only objects created by the logged-in user?
  17. Make sure only one worker launches the apscheduler event in a pyramid web app running multiple workers
  18. CSRF Failed: CSRF token missing or incorrect
  19. How can I list urlpatterns (endpoints) on Django?
  20. how to show datepicker calendar on datefield
  21. Order by count of a ForeignKey field?
  22. Django {% static ‘path’ %} in javascript file
  23. Byte Ranges in Django [closed]
  24. Django ORM: Group by and Max
  25. Nginx connection reset, response from uWsgi lost
  26. What is the right way to validate if an object exists in a django view without returning 404?
  27. How to use if/else condition on Django Templates?
  28. How to limit file types on file uploads for ModelForms with FileFields?
  29. Django/DRF – 405 Method not allowed on DELETE operation
  30. django : Serving static files through nginx

Leave a Comment