Be sure a user cannot server import crafty dir

Andrew 2022-12-06 15:09:11 -05:00
parent 17744b72ae
commit 55c527bfdb


@ -5,6 +5,7 @@ import time
import tornado.web
import tornado.escape
import bleach
from pathlib import Path
from app.classes.models.crafty_permissions import EnumPermissionsCrafty
from app.classes.shared.helpers import Helpers
@ -319,6 +320,13 @@ class ServerHandler(BaseHandler):
return
import_type = bleach.clean(self.get_argument("create_type", ""))
import_server_path = bleach.clean(self.get_argument("server_path", ""))
if Path(self.controller.project_root).is_relative_to(import_server_path):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"
" in your server path."
)
return
import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
server_parts = server.split("|")
captured_roles = []
@ -468,6 +476,13 @@ class ServerHandler(BaseHandler):
return
import_type = bleach.clean(self.get_argument("create_type", ""))
import_server_path = bleach.clean(self.get_argument("server_path", ""))
if Path(self.controller.project_root).is_relative_to(import_server_path):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"
" in your server path."
)
return
import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
server_parts = server.split("|")
captured_roles = []
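Review bot: The new guard in both hunks (new lines 320 and 476) is a purely lexical comparison, because `is_relative_to` does not normalise its operands; a `server_path` that is relative, contains `..` segments, or reaches Crafty's directory through a symlink will not match, and the copy loop the check is meant to prevent can still occur. Resolve both sides before comparing, and skip the check when no path was submitted, since an empty string resolves to the working directory: `if import_server_path and Path(self.controller.project_root).resolve().is_relative_to(Path(import_server_path).resolve()):`. The check only catches a path that equals or is an ancestor of the project root; whether importing a subdirectory of Crafty's own tree should also be refused is not visible here and is worth confirming. The same seven lines are duplicated in two handlers whose bodies continue outside the hunks, so a shared helper would keep the two in step.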