Send a file from within a directory using :func:`send_file`. This is a secure way to serve files from a folder, such as static files or uploads. Uses :func:`~werkzeug.security.safe_join` to ensure the path coming from the client is not maliciously crafted to point outside the specif
(
directory: os.PathLike[str] | str,
path: os.PathLike[str] | str,
environ: WSGIEnvironment,
**kwargs: t.Any,
)
| 529 | |
| 530 | |
| 531 | def send_from_directory( |
| 532 | directory: os.PathLike[str] | str, |
| 533 | path: os.PathLike[str] | str, |
| 534 | environ: WSGIEnvironment, |
| 535 | **kwargs: t.Any, |
| 536 | ) -> Response: |
| 537 | """Send a file from within a directory using :func:`send_file`. |
| 538 | |
| 539 | This is a secure way to serve files from a folder, such as static |
| 540 | files or uploads. Uses :func:`~werkzeug.security.safe_join` to |
| 541 | ensure the path coming from the client is not maliciously crafted to |
| 542 | point outside the specified directory. |
| 543 | |
| 544 | If the final path does not point to an existing regular file, |
| 545 | returns a 404 :exc:`~werkzeug.exceptions.NotFound` error. |
| 546 | |
| 547 | :param directory: The directory that ``path`` must be located under. This *must not* |
| 548 | be a value provided by the client, otherwise it becomes insecure. |
| 549 | :param path: The path to the file to send, relative to ``directory``. This is the |
| 550 | part of the path provided by the client, which is checked for security. |
| 551 | :param environ: The WSGI environ for the current request. |
| 552 | :param kwargs: Arguments to pass to :func:`send_file`. |
| 553 | |
| 554 | .. versionadded:: 2.0 |
| 555 | Adapted from Flask's implementation. |
| 556 | """ |
| 557 | path_str = safe_join(os.fspath(directory), os.fspath(path)) |
| 558 | |
| 559 | if path_str is None: |
| 560 | raise NotFound() |
| 561 | |
| 562 | # Flask will pass app.root_path, allowing its send_from_directory |
| 563 | # wrapper to not have to deal with paths. |
| 564 | if "_root_path" in kwargs: |
| 565 | path_str = os.path.join(kwargs["_root_path"], path_str) |
| 566 | |
| 567 | if not os.path.isfile(path_str): |
| 568 | raise NotFound() |
| 569 | |
| 570 | return send_file(path_str, environ, **kwargs) |
| 571 | |
| 572 | |
| 573 | def import_string(import_name: str, silent: bool = False) -> t.Any: |