Merge branch 'dev' into bug/zip-server-upload

2024-08-30 18:23:09 +00:00 · 2022-12-17 00:07:15 +00:00 · 2022-12-17 00:07:15 +00:00 · cffa58da3b
commit cffa58da3b
parent c74aeb5dde f945bbe63a
4 changed files with 22 additions and 20 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,7 @@ TBD
 - Fix colours on public pages. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/504))
 - Fix bug where public background was not sent to public pages...like the error page resulting in an error...ironic...I know. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/505))
 - Be sure a user cannot server import crafty dir. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/506))
+- Remove Pathlib from sub path check ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/508))
 ### Tweaks
 TBD
 ### Lang
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
@ -385,8 +385,7 @@ class Helpers:

        if relative.startswith(os.pardir):
            return False
-        else:
-            return True
+        return True

    def set_setting(self, key, new_value):
        try:
--- a/app/classes/web/ajax_handler.py
+++ b/app/classes/web/ajax_handler.py
@ -508,12 +508,12 @@ class AjaxHandler(BaseHandler):
                    self.redirect("/panel/dashboard")

        elif page == "unzip_server":
-            path = urllib.parse.unquote(self.get_argument("path", None))
+            path = urllib.parse.unquote(self.get_argument("path", ""))
            if not path:
                path = os.path.join(
                    self.controller.project_root,
                    "imports",
-                    self.get_argument("file", ""),
+                    urllib.parse.unquote(self.get_argument("file", "")),
                )
            if Helpers.check_file_exists(path):
                self.helper.unzip_server(path, exec_user["user_id"])
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@ -319,15 +319,6 @@ class ServerHandler(BaseHandler):
                return
            import_type = bleach.clean(self.get_argument("create_type", ""))
            import_server_path = bleach.clean(self.get_argument("server_path", ""))
-            if not self.helper.is_subdir(
-                import_server_path, self.controller.project_root
-            ):
-                self.redirect(
-                    "/panel/error?error=Loop Error: The selected path will cause"
-                    " an infinite copy loop. Make sure Crafty's directory is not"
-                    " in your server path."
-                )
-                return
            import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
            server_parts = server.split("|")
            captured_roles = []
@ -340,6 +331,15 @@ class ServerHandler(BaseHandler):
                return

            if import_type == "import_jar":
+                if not self.helper.is_subdir(
+                    import_server_path, self.controller.project_root
+                ):
+                    self.redirect(
+                        "/panel/error?error=Loop Error: The selected path will cause"
+                        " an infinite copy loop. Make sure Crafty's directory is not"
+                        " in your server path."
+                    )
+                    return
                good_path = self.controller.verify_jar_server(
                    import_server_path, import_server_jar
                )
@ -477,13 +477,6 @@ class ServerHandler(BaseHandler):
                return
            import_type = bleach.clean(self.get_argument("create_type", ""))
            import_server_path = bleach.clean(self.get_argument("server_path", ""))
-            if self.helper.is_subdir(import_server_path, self.controller.project_root):
-                self.redirect(
-                    "/panel/error?error=Loop Error: The selected path will cause"
-                    " an infinite copy loop. Make sure Crafty's directory is not"
-                    " in your server path."
-                )
-                return
            import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
            server_parts = server.split("|")
            captured_roles = []
@ -496,6 +489,15 @@ class ServerHandler(BaseHandler):
                return

            if import_type == "import_jar":
+                if self.helper.is_subdir(
+                    import_server_path, self.controller.project_root
+                ):
+                    self.redirect(
+                        "/panel/error?error=Loop Error: The selected path will cause"
+                        " an infinite copy loop. Make sure Crafty's directory is not"
+                        " in your server path."
+                    )
+                    return
                good_path = self.controller.verify_jar_server(
                    import_server_path, import_server_exe
                )