@@ -135,6 +135,17 b' def get_stat(spath, fn):' | |||
|
135 | 135 | def get_mtime(spath): |
|
136 | 136 | return get_stat(spath, "00changelog.i").st_mtime |
|
137 | 137 | |
|
138 | def ispathsafe(path): | |
|
139 | """Determine if a path is safe to use for filesystem access.""" | |
|
140 | parts = path.split('/') | |
|
141 | for part in parts: | |
|
142 | if (part in ('', os.curdir, os.pardir) or | |
|
143 | pycompat.ossep in part or | |
|
144 | pycompat.osaltsep is not None and pycompat.osaltsep in part): | |
|
145 | return False | |
|
146 | ||
|
147 | return True | |
|
148 | ||
|
138 | 149 | def staticfile(directory, fname, req): |
|
139 | 150 | """return a file inside directory with guessed Content-Type header |
|
140 | 151 | |
@@ -144,13 +155,10 b' def staticfile(directory, fname, req):' | |||
|
144 | 155 | Return an empty string if fname is illegal or file not found. |
|
145 | 156 | |
|
146 | 157 | """ |
|
147 | parts = fname.split('/') | |
|
148 | for part in parts: | |
|
149 | if (part in ('', os.curdir, os.pardir) or | |
|
150 | pycompat.ossep in part or | |
|
151 | pycompat.osaltsep is not None and pycompat.osaltsep in part): | |
|
152 | return | |
|
153 | fpath = os.path.join(*parts) | |
|
158 | if not ispathsafe(fname): | |
|
159 | return | |
|
160 | ||
|
161 | fpath = os.path.join(*fname.split('/')) | |
|
154 | 162 | if isinstance(directory, str): |
|
155 | 163 | directory = [directory] |
|
156 | 164 | for d in directory: |
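Review bot: The `ispathsafe` docstring promises a path that is "safe to use for filesystem access", but the loop is a purely lexical test on '/'-separated components: it rejects empty, `.` and `..` parts and parts containing an OS separator, and nothing else. Now that the check is a reusable helper, the docstring should state that limit, for example `"""Check that every '/'-separated component of path is non-empty, not '.' or '..', and free of OS separators (lexical only; symlinks are not resolved)."""`. It is also worth confirming how a drive-qualified component is handled on Windows, since it contains no separator and `os.path.join` discards earlier segments when a later one names a different drive; the join against `directory` lies outside this hunk, so whether that matters here cannot be told from the visible lines. Minor style point: `staticfile` now splits `fname` twice, once inside the helper and once for `os.path.join(*fname.split('/'))`.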