Show More
| @@ -135,6 +135,17 b' def get_stat(spath, fn):' | |||||
| 135 | def get_mtime(spath): |
|
135 | def get_mtime(spath): | |
| 136 | return get_stat(spath, "00changelog.i").st_mtime |
|
136 | return get_stat(spath, "00changelog.i").st_mtime | |
| 137 |
|
137 | |||
|
|
138 | def ispathsafe(path): | |||
|
|
139 | """Determine if a path is safe to use for filesystem access.""" | |||
|
|
140 | parts = path.split('/') | |||
|
|
141 | for part in parts: | |||
|
|
142 | if (part in ('', os.curdir, os.pardir) or | |||
|
|
143 | pycompat.ossep in part or | |||
|
|
144 | pycompat.osaltsep is not None and pycompat.osaltsep in part): | |||
|
|
145 | return False | |||
|
|
146 | ||||
|
|
147 | return True | |||
|
|
148 | ||||
| 138 | def staticfile(directory, fname, req): |
|
149 | def staticfile(directory, fname, req): | |
| 139 | """return a file inside directory with guessed Content-Type header |
|
150 | """return a file inside directory with guessed Content-Type header | |
| 140 |
|
151 | |||
| @@ -144,13 +155,10 b' def staticfile(directory, fname, req):' | |||||
| 144 | Return an empty string if fname is illegal or file not found. |
|
155 | Return an empty string if fname is illegal or file not found. | |
| 145 |
|
156 | |||
| 146 | """ |
|
157 | """ | |
| 147 | parts = fname.split('/') |
|
158 | if not ispathsafe(fname): | |
| 148 | for part in parts: |
|
159 | return | |
| 149 | if (part in ('', os.curdir, os.pardir) or |
|
160 | ||
| 150 | pycompat.ossep in part or |
|
161 | fpath = os.path.join(*fname.split('/')) | |
| 151 | pycompat.osaltsep is not None and pycompat.osaltsep in part): |
|
|||
| 152 | return |
|
|||
| 153 | fpath = os.path.join(*parts) |
|
|||
| 154 | if isinstance(directory, str): |
|
162 | if isinstance(directory, str): | |
| 155 | directory = [directory] |
|
163 | directory = [directory] | |
| 156 | for d in directory: |
|
164 | for d in directory: | |
General Comments 0
You need to be logged in to leave comments.
Login now