oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Optimize path modifying functions

Browse source
This commit is contained in:
HelloZeroNet 2016-04-06 13:48:13 +02:00
parent f83a466919
commit ec70c47aa0
2 changed files with 8 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/Site/SiteStorage.py
View file

@ -245,14 +245,12 @@ class SiteStorage:
# Security check and return path of site's file
def getPath(self, inner_path):
inner_path = inner_path.replace("\\", "/") # Windows separator fix
inner_path = re.sub("^%s/" % re.escape(self.directory), "", inner_path) # Remove site directory if begins with it
file_path = u"%s/%s" % (self.directory, inner_path)
if not inner_path:
return self.directory
file_abspath = os.path.dirname(os.path.abspath(file_path))
if ".." in file_path or not file_abspath.startswith(self.allowed_dir):
self.site.log.error(u"File %s not in allowed dir: %s" % (file_path, self.allowed_dir))
file_path = u"%s/%s" % (self.directory, inner_path)
if ".." in file_path:
raise Exception(u"File not allowed: %s" % file_path)
return file_path