diff --git a/src/documents/forms.py b/src/documents/forms.py index c3efc774f..f44090164 100644 --- a/src/documents/forms.py +++ b/src/documents/forms.py @@ -3,22 +3,35 @@ import tempfile from datetime import datetime from time import mktime +import magic from django import forms from django.conf import settings from django_q.tasks import async_task from pathvalidate import validate_filename, ValidationError +from documents.parsers import is_mime_type_supported + class UploadForm(forms.Form): document = forms.FileField() def clean_document(self): + document_name = self.cleaned_data.get("document").name + try: - validate_filename(self.cleaned_data.get("document").name) + validate_filename(document_name) except ValidationError: raise forms.ValidationError("That filename is suspicious.") - return self.cleaned_data.get("document") + + document_data = self.cleaned_data.get("document").read() + + mime_type = magic.from_buffer(document_data, mime=True) + + if not is_mime_type_supported(mime_type): + raise forms.ValidationError("This mime type is not supported.") + + return document_name, document_data def save(self): """ @@ -27,8 +40,7 @@ class UploadForm(forms.Form): form do that as well. Think of it as a poor-man's queue server. """ - document = self.cleaned_data.get("document").read() - original_filename = self.cleaned_data.get("document").name + original_filename, data = self.cleaned_data.get("document") t = int(mktime(datetime.now().timetuple())) @@ -36,7 +48,7 @@ class UploadForm(forms.Form): with tempfile.NamedTemporaryFile(prefix="paperless-upload-", dir=settings.SCRATCH_DIR, delete=False) as f: - f.write(document) + f.write(data) os.utime(f.name, times=(t, t)) async_task("documents.tasks.consume_file", f.name, override_filename=original_filename, task_name=os.path.basename(original_filename))