From 8c6bb382243f2942f99e41b81afe186fcb0655a9 Mon Sep 17 00:00:00 2001
From: Andrew
Date: Thu, 15 Dec 2022 18:58:10 -0500
Subject: [PATCH 1/3] Fix location of loop check.
---
 app/classes/web/ajax_handler.py | 4 ++--
 app/classes/web/server_handler.py | 34 ++++++++++++++++---------------
 2 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py
index 61e2c40d..cdd67146 100644
--- a/app/classes/web/ajax_handler.py
+++ b/app/classes/web/ajax_handler.py
@@ -508,12 +508,12 @@ class AjaxHandler(BaseHandler):
 self.redirect("/panel/dashboard")
 elif page == "unzip_server":
- path = urllib.parse.unquote(self.get_argument("path", None))
+ path = urllib.parse.unquote(self.get_argument("path", ""))
 if not path:
 path = os.path.join(
 self.controller.project_root,
 "imports",
- self.get_argument("file", ""),
+ urllib.parse.unquote(self.get_argument("file", "")),
 )
 if Helpers.check_file_exists(path):
 self.helper.unzip_server(path, exec_user["user_id"])
diff --git a/app/classes/web/server_handler.py b/app/classes/web/server_handler.py
index e6ecc719..62c549e5 100644
--- a/app/classes/web/server_handler.py
+++ b/app/classes/web/server_handler.py
@@ -319,15 +319,6 @@ class ServerHandler(BaseHandler):
 return
 import_type = bleach.clean(self.get_argument("create_type", ""))
 import_server_path = bleach.clean(self.get_argument("server_path", ""))
- if not self.helper.is_subdir(
- import_server_path, self.controller.project_root
- ):
- self.redirect(
- "/panel/error?error=Loop Error: The selected path will cause"
- " an infinite copy loop. Make sure Crafty's directory is not"
- " in your server path."
- )
- return
 import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
 server_parts = server.split("|")
 captured_roles = []
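Review bot: The fallback path built on the new `urllib.parse.unquote(self.get_argument("file", ""))` line is still not confined to the imports directory: `os.path.join` resolves outside `imports` under `self.controller.project_root` when the decoded `file` value is absolute or carries parent-directory components, and the explicit `path` argument is taken as supplied, so `Helpers.check_file_exists(path)` is the only gate before `self.helper.unzip_server`. A containment check before that call, for example `if not self.helper.is_subdir(path, os.path.join(self.controller.project_root, "imports")):` followed by the same error redirect the server handlers use, would close the fallback case; whether the explicit `path` may legitimately point anywhere depends on this handler's permission model, which is outside the hunk. Changing the `path` default from `None` to `""` is right, since `unquote(None)` would otherwise raise. The enclosing handler body starts and ends outside the hunk.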
@@ -340,6 +331,15 @@ class ServerHandler(BaseHandler):
 return
 if import_type == "import_jar":
+ if not self.helper.is_subdir(
+ import_server_path, self.controller.project_root
+ ):
+ self.redirect(
+ "/panel/error?error=Loop Error: The selected path will cause"
+ " an infinite copy loop. Make sure Crafty's directory is not"
+ " in your server path."
+ )
+ return
 good_path = self.controller.verify_jar_server(
 import_server_path, import_server_jar
 )
@@ -477,13 +477,6 @@ class ServerHandler(BaseHandler):
 return
 import_type = bleach.clean(self.get_argument("create_type", ""))
 import_server_path = bleach.clean(self.get_argument("server_path", ""))
- if self.helper.is_subdir(import_server_path, self.controller.project_root):
- self.redirect(
- "/panel/error?error=Loop Error: The selected path will cause"
- " an infinite copy loop. Make sure Crafty's directory is not"
- " in your server path."
- )
- return
 import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
 server_parts = server.split("|")
 captured_roles = []
@@ -496,6 +489,15 @@ class ServerHandler(BaseHandler):
 return
 if import_type == "import_jar":
+ if self.helper.is_subdir(
+ import_server_path, self.controller.project_root
+ ):
+ self.redirect(
+ "/panel/error?error=Loop Error: The selected path will cause"
+ " an infinite copy loop. Make sure Crafty's directory is not"
+ " in your server path."
+ )
+ return
 good_path = self.controller.verify_jar_server(
 import_server_path, import_server_exe
 )
From 6572dc5e1063b664be09a92048d862a685780fae Mon Sep 17 00:00:00 2001
From: Andrew
Date: Fri, 16 Dec 2022 18:47:36 -0500
Subject: [PATCH 2/3] Appease the linter
---
 app/classes/shared/helpers.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/classes/shared/helpers.py b/app/classes/shared/helpers.py
index 350a99e2..39b7b12e 100644
--- a/app/classes/shared/helpers.py
+++ b/app/classes/shared/helpers.py
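Review bot: The two re-added checks disagree: the `import_jar` branch in the `@@ -340` hunk tests `if not self.helper.is_subdir(import_server_path, self.controller.project_root)` while the one in the `@@ -496` hunk tests `if self.helper.is_subdir(...)`, with identical arguments and the identical Loop Error message, so at most one of them can be right. Judging from the helpers.py hunk later in this series (the check returns False when the relative path starts with `os.pardir`, i.e. when the first argument is not under the second) and from the intent recorded for MR 506 ("a user cannot server import crafty dir"), the form without `not` is the one that blocks a server path inside Crafty's directory, and the `not` in the `@@ -340` hunk would instead reject every path outside it while allowing the ones inside; I'd change that line to `if self.helper.is_subdir(`. The message also describes the opposite nesting (Crafty's directory inside the server path), which neither call detects; if that copy loop is the one meant, the condition needs a second clause, `or self.helper.is_subdir(self.controller.project_root, import_server_path)`. Moving the check under `if import_type == "import_jar"` further means any other import type in these methods that still uses `import_server_path` is no longer checked; the enclosing methods start and end outside these hunks, so that cannot be confirmed here.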
@@ -385,8 +385,7 @@ class Helpers:
 if relative.startswith(os.pardir):
 return False
- else:
- return True
+ return True
 def set_setting(self, key, new_value):
 try:
From 0519105b45dbf92df65a5b8ebbe8ffeaa52ddbcd Mon Sep 17 00:00:00 2001
From: Zedifus
Date: Sat, 17 Dec 2022 00:02:38 +0000
Subject: [PATCH 3/3] Update changelog !508
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43b4471f..d3134dca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ TBD
 - Fix colours on public pages. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/504))
 - Fix bug where public background was not sent to public pages...like the error page resulting in an error...ironic...I know. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/505))
 - Be sure a user cannot server import crafty dir. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/506))
+- Remove Pathlib from sub path check ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/508))
 ### Tweaks
 TBD
 ### Lang
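Review bot: `relative.startswith(os.pardir)` on the first context line also matches a top-level entry whose own name begins with `..` (for instance `..backup`), since a relative path to it would be `..backup` rather than `../...`; the misclassification only errs toward rejecting, but `if relative == os.pardir or relative.startswith(os.pardir + os.sep):` is the precise test for "escapes the root". With the `else` gone, the two returns could also collapse into a single `return not relative.startswith(os.pardir)` (or the precise form above), which is what the linter was really pointing at. The definition of this sub path check and the computation of `relative` start outside the hunk, so the exact inputs are inferred.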