I’m developing an admin interface (without a model) for a data restore process. The form on the page allows user to upload a restore file. Now, what I’d like to do is, when the user submit the form, I want to upload the file first, pre-process it, then show a confirmation page to user.
In the pre-process, assuming the form is valid, I unpackage the restore file and extract the backup time from it, then show the backup time (and possibly other information from the restore file) to user in the confirmation page.
My problem is I don’t know what the best way is to save the file state. Ideally I’d like to pass the uploaded file to the confirmation page form then when user agrees to continue, I use the restore file to actually restore the system. However, I can’t seem to figure out how to do it.
So what I did was to save the file first, then somehow include the filepath in the confirmation page in a hidden field. However, there’s a security risk by doing this since the filepath can be modified when user submits the confirmation form.
What’s the best way to tackle this problem?
Thanks!
Store the filepath location in the session. You can access the session from your view:
Then in another view get it out:
and pass it to your template for use.
You don’t have to worry about security, (from the Django docs):