oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove /media access

Browse source
This commit is contained in:
shortcutme 2017-01-27 13:05:49 +01:00
parent 72f91a2816
commit d65c7d05a4
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
2 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Test/TestWeb.py
View file

@ -25,7 +25,7 @@ class WaitForPageLoad(object):
@pytest.mark.webtest @pytest.mark.webtest
class TestWeb: class TestWeb:
def testFileSecurity(self, site_url): def testFileSecurity(self, site_url):
assert "Forbidden" in urllib.urlopen("%s/media/./sites.json" % site_url).read() assert "Not Found" in urllib.urlopen("%s/media/./sites.json" % site_url).read()
assert "Forbidden" in urllib.urlopen("%s/media/../config.py" % site_url).read() assert "Forbidden" in urllib.urlopen("%s/media/../config.py" % site_url).read()
assert "Forbidden" in urllib.urlopen("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url).read() assert "Forbidden" in urllib.urlopen("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url).read()
assert "Forbidden" in urllib.urlopen("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url).read() assert "Forbidden" in urllib.urlopen("%s/media/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url).read()

2
src/Ui/UiRequest.py
View file

@ -67,8 +67,6 @@ class UiRequest(object):
# uimedia within site dir (for chrome extension) # uimedia within site dir (for chrome extension)
path = re.sub(".*?/uimedia/", "/uimedia/", path) path = re.sub(".*?/uimedia/", "/uimedia/", path)
return self.actionUiMedia(path) return self.actionUiMedia(path)
elif path.startswith("/media"):
return self.actionSiteMedia(path)
# Websocket # Websocket
elif path == "/Websocket": elif path == "/Websocket":
return self.actionWebsocket() return self.actionWebsocket()