Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Cannot differentiate between a regular text input field and a non-uploaded file
See original GitHub issueIssue came up while trying to send an empty file (and filename) to an HTTPbin form.
Using Flask you’re unable to differentiate between the content of a text field in a form and a non-uploaded file from the request object
Example test
Using flask alone; User @moy helped with this and prompted me to post this bug report
from flask import Flask, flash, request, redirect, url_for, escape
app = Flask(__name__)
@app.route('/', methods=['GET', 'POST'])
def upload_file():
if request.method == 'POST':
return '<pre>{}</pre>'.format(escape(str(request.form) + '\n' + str(request.files)))
return '''
<!doctype html>
<title>Upload new Files</title>
<h1>Upload new Files</h1>
<form method=post enctype=multipart/form-data>
<input name="normal_field" value="field_value" />
<input type=file name=file>
<input type=file name=secondfile>
<input type=submit value=Upload>
</form>
'''
Expected Behavior
Submitting with only the first file field set in the browser, one would expect to find :
- the content of both file fields in the same object ;
- the content of normal text input fields in a separate objects ;
So something along the lines of
ImmutableMultiDict([('normal_field', 'field_value')])
ImmutableMultiDict([('file', <FileStorage: 'tmp-rg1.xpi' ('application/x-xpinstall')>),
('secondfile', <FileStorage: '' ('...')>)
])
Actual Behavior
Submitting with only one file (the first field) set in the browser gives:
ImmutableMultiDict([('normal_field', 'field_value'), ('secondfile', '')])
ImmutableMultiDict([('file', <FileStorage: 'tmp-rg1.xpi' ('application/x-xpinstall')>)])
The first is the form’s field, the second the actual files uploaded. I see no way to distinguish between an empty text field and a non-uploaded file from the request object.
Is this behavior intended ?
Issue Analytics
- State:
- Created 4 years ago
- Comments:7 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I could reproduce on the machine I first did the test, but the problem disappeared when I
pip3 install --upgrade flask-ed. So, indeed, problem solved. Thanks.It’s not. When sending a file, the corresponding part contains a
filename=...entry, with an empty filename to indicate that the file is absent. Here’s a small test in PHP to show it:https://matthieu-moy.fr/tmp/2019/tmp.php
When I submit the form without specifying the file, and use Firefox’s webmaster tools to display the request’s payload, I see:
The content is empty, but there’s still a
filename=""sent by the browser. Non-file fields are sent as:i.e. without
filename=...at all. As the test shows, PHP can distinguish non-submited files, put in$_FILES, and non-file fields, in$_POST. The information is there, but it’s not used by flask.