Show More
| @@ -356,17 +356,14 b' class FilesController(BaseRepoController' | |||
|
|
356 | 356 | content = convert_line_endings(r_post.get('content'), unix_mode) |
|
|
357 | 357 | |
|
|
358 | 358 | message = r_post.get('message') or c.default_message |
|
|
359 | filename = r_post.get('filename') | |
|
|
359 | 360 | location = r_post.get('location') |
|
|
360 | filename = r_post.get('filename') | |
|
|
361 | 361 | file_obj = r_post.get('upload_file', None) |
|
|
362 | 362 | |
|
|
363 | 363 | if file_obj is not None and hasattr(file_obj, 'filename'): |
|
|
364 | 364 | filename = file_obj.filename |
|
|
365 | 365 | content = file_obj.file |
|
|
366 | 366 | |
|
|
367 | node_path = os.path.join(location, filename) | |
|
|
368 | author = self.rhodecode_user.full_contact | |
|
|
369 | ||
|
|
370 | 367 | if not content: |
|
|
371 | 368 | h.flash(_('No content'), category='warning') |
|
|
372 | 369 | return redirect(url('changeset_home', repo_name=c.repo_name, |
| @@ -375,6 +372,15 b' class FilesController(BaseRepoController' | |||
|
|
375 | 372 | h.flash(_('No filename'), category='warning') |
|
|
376 | 373 | return redirect(url('changeset_home', repo_name=c.repo_name, |
|
|
377 | 374 | revision='tip')) |
|
|
375 | if location.startswith('/') or location.startswith('.') or '../' in location: | |
|
|
376 | h.flash(_('location must be relative path and must not ' | |
|
|
377 | 'contain .. in path'), category='warning') | |
|
|
378 | return redirect(url('changeset_home', repo_name=c.repo_name, | |
|
|
379 | revision='tip')) | |
|
|
380 | location = os.path.normpath(location) | |
|
|
381 | filename = os.path.basename(filename) | |
|
|
382 | node_path = os.path.join(location, filename) | |
|
|
383 | author = self.rhodecode_user.full_contact | |
|
|
378 | 384 | |
|
|
379 | 385 | try: |
|
|
380 | 386 | self.scm_model.create_node(repo=c.rhodecode_repo, |
| @@ -384,7 +390,7 b' class FilesController(BaseRepoController' | |||
|
|
384 | 390 | content=content, f_path=node_path) |
|
|
385 | 391 | h.flash(_('Successfully committed to %s') % node_path, |
|
|
386 | 392 | category='success') |
|
|
387 | except NodeAlreadyExistsError, e: | |
|
|
393 | except (NodeError, NodeAlreadyExistsError), e: | |
|
|
388 | 394 | h.flash(_(e), category='error') |
|
|
389 | 395 | except Exception: |
|
|
390 | 396 | log.error(traceback.format_exc()) |
| @@ -51,7 +51,7 b'' | |||
|
|
51 | 51 | </div> |
|
|
52 | 52 | <div id="upload_file_container" class="field" style="display:none"> |
|
|
53 | 53 | <div class="label"> |
|
|
54 |
<label for=" |
|
|
|
54 | <label for="upload_file_container">${_('Upload file')}</label> | |
|
|
55 | 55 | </div> |
|
|
56 | 56 | <div class="file"> |
|
|
57 | 57 | <input type="file" size="30" name="upload_file" id="upload_file"> |
General Comments 0
You need to be logged in to leave comments.
Login now