From 4e96ddfb9e2ab1d010f4d8c788bf5def570897cf Mon Sep 17 00:00:00 2001 From: shortcutme Date: Wed, 11 Jan 2017 13:12:35 +0100 Subject: [PATCH] Allow .. in data_dir path --- src/Site/SiteStorage.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/Site/SiteStorage.py b/src/Site/SiteStorage.py index 3416004d..aaa35ae6 100644 --- a/src/Site/SiteStorage.py +++ b/src/Site/SiteStorage.py @@ -278,11 +278,10 @@ class SiteStorage(object): if not inner_path: return self.directory - file_path = u"%s/%s" % (self.directory, inner_path) + if ".." in inner_path: + raise Exception(u"File not allowed: %s" % inner_path) - if ".." in file_path: - raise Exception(u"File not allowed: %s" % file_path) - return file_path + return u"%s/%s" % (self.directory, inner_path) # Get site dir relative path def getInnerPath(self, path): @@ -418,8 +417,8 @@ class SiteStorage(object): os.unlink(path) break except Exception, err: - self.log.error("Error removing %s: %s, try #%s" % (path, err, retry)) - time.sleep(float(retry)/10) + self.log.error("Error removing %s: %s, try #%s" % (path, err, retry)) + time.sleep(float(retry) / 10) self.onUpdated(inner_path, False) self.log.debug("Deleting empty dirs...")