~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to services/serveservice

Committer: William Grant
Date: 2009-02-17 00:39:05 UTC
mto: (1099.1.143 new-dispatch)
mto: This revision was merged to the branch mainline in revision 1100.
Revision ID: grantw@unimelb.edu.au-20090217003905-f3aie9oqb9vrsfrn

Enable CGI path backtracking in serveservice.

files modified:
services/serveservice

Show diffs side-by-side

added added

removed removed

services/serveservice

filetype = ivle.conf.mimetypes.default_mimetype

return filetype

def throw_error(message):

print cjson.encode({'error': message})

def throw_error(message, extra={}):

error = {'error': message}

error.update(extra)

print cjson.encode(error)

sys.exit(0)

parser = OptionParser()

zipfilename = os.path.basename(zipbasepath)

else:

filename = paths[0]

if not os.access(filename, os.R_OK):

throw_error('not-found')

if not os.access(filename, os.F_OK):

# The given path doesn't exist. CGI lets us backtrack and put the path

# elements through which we pass into PATH_INFO, so we try that.

while not os.access(filename, os.F_OK):

filename, path_info_frag = os.path.split(filename)

# We now have a file that exists, but is it something that we're allowed

# to execute? If not, we should 404 anyway.

if determine_file_type(filename) not in ivle.conf.app.server.interpreters:

throw_error('not-found')

# If it's a directory, serve as a zip file

if os.path.isdir(filename):

102

112

else:

103

113

if not download and \

104

114

determine_file_type(filename) in ivle.conf.app.server.interpreters:

105

throw_error('is-executable')

115

throw_error('is-executable', {'path': filename})

106

116

107

117

if (ivle.conf.app.server.blacklist_served_filetypes and \

108

118

determine_file_type(filename) in \

Older »