MCPcopy
hub / github.com/pallets/werkzeug / send_from_directory

Function send_from_directory

src/werkzeug/utils.py:531–570  ·  view source on GitHub ↗

Send a file from within a directory using :func:`send_file`. This is a secure way to serve files from a folder, such as static files or uploads. Uses :func:`~werkzeug.security.safe_join` to ensure the path coming from the client is not maliciously crafted to point outside the specif

(
    directory: os.PathLike[str] | str,
    path: os.PathLike[str] | str,
    environ: WSGIEnvironment,
    **kwargs: t.Any,
)

Source from the content-addressed store, hash-verified

529
530
531def send_from_directory(
532 directory: os.PathLike[str] | str,
533 path: os.PathLike[str] | str,
534 environ: WSGIEnvironment,
535 **kwargs: t.Any,
536) -> Response:
537 """Send a file from within a directory using :func:`send_file`.
538
539 This is a secure way to serve files from a folder, such as static
540 files or uploads. Uses :func:`~werkzeug.security.safe_join` to
541 ensure the path coming from the client is not maliciously crafted to
542 point outside the specified directory.
543
544 If the final path does not point to an existing regular file,
545 returns a 404 :exc:`~werkzeug.exceptions.NotFound` error.
546
547 :param directory: The directory that ``path`` must be located under. This *must not*
548 be a value provided by the client, otherwise it becomes insecure.
549 :param path: The path to the file to send, relative to ``directory``. This is the
550 part of the path provided by the client, which is checked for security.
551 :param environ: The WSGI environ for the current request.
552 :param kwargs: Arguments to pass to :func:`send_file`.
553
554 .. versionadded:: 2.0
555 Adapted from Flask's implementation.
556 """
557 path_str = safe_join(os.fspath(directory), os.fspath(path))
558
559 if path_str is None:
560 raise NotFound()
561
562 # Flask will pass app.root_path, allowing its send_from_directory
563 # wrapper to not have to deal with paths.
564 if "_root_path" in kwargs:
565 path_str = os.path.join(kwargs["_root_path"], path_str)
566
567 if not os.path.isfile(path_str):
568 raise NotFound()
569
570 return send_file(path_str, environ, **kwargs)
571
572
573def import_string(import_name: str, silent: bool = False) -> t.Any:

Callers 3

test_from_directoryFunction · 0.90
test_root_pathFunction · 0.90

Calls 3

safe_joinFunction · 0.85
NotFoundClass · 0.85
send_fileFunction · 0.85

Tested by 3

test_from_directoryFunction · 0.72
test_root_pathFunction · 0.72