Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create our own check function

Browse Source
This commit is contained in:
Andrew 2022-12-14 14:54:52 -05:00
parent 9f939ae40e
commit 551020f738
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/classes/shared/helpers.py
View File

@ -376,6 +376,18 @@ class Helpers:
return default_return
@staticmethod
def is_subdir(server_path, root_dir):
server_path = os.path.realpath(server_path)
root_dir = os.path.realpath(root_dir)
relative = os.path.relpath(server_path, root_dir)
if relative.startswith(os.pardir):
return False
else:
return True
def set_setting(self, key, new_value):
try:
with open(self.settings_file, "r", encoding="utf-8") as f:

9
app/classes/web/server_handler.py
View File

@ -2,7 +2,6 @@ import json
import logging
import os
import time
from pathlib import PurePosixPath
import tornado.web
import tornado.escape
import bleach
@ -320,8 +319,8 @@ class ServerHandler(BaseHandler):
return
import_type = bleach.clean(self.get_argument("create_type", ""))
import_server_path = bleach.clean(self.get_argument("server_path", ""))
if PurePosixPath(self.controller.project_root).is_relative_to(
import_server_path
if not self.helper.is_subdir(
import_server_path, self.controller.project_root
):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
@ -478,9 +477,7 @@ class ServerHandler(BaseHandler):
return
import_type = bleach.clean(self.get_argument("create_type", ""))
import_server_path = bleach.clean(self.get_argument("server_path", ""))
if PurePosixPath(self.controller.project_root).is_relative_to(
import_server_path
):
if self.helper.is_subdir(import_server_path, self.controller.project_root):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"