Merge branch 'dev' into bug/zip-server-upload

Zedifus 2022-12-17 00:07:15 +00:00
commit cffa58da3b
4 changed files with 22 additions and 20 deletions


@ -8,6 +8,7 @@ TBD
- Fix colours on public pages. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/504)) - Fix colours on public pages. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/504))
- Fix bug where public background was not sent to public pages...like the error page resulting in an error...ironic...I know. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/505)) - Fix bug where public background was not sent to public pages...like the error page resulting in an error...ironic...I know. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/505))
- Be sure a user cannot server import crafty dir. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/506)) - Be sure a user cannot server import crafty dir. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/506))
- Remove Pathlib from sub path check ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/508))
### Tweaks ### Tweaks
TBD TBD
### Lang ### Lang


@ -385,8 +385,7 @@ class Helpers:
if relative.startswith(os.pardir): if relative.startswith(os.pardir):
return False return False
else: return True
return True
def set_setting(self, key, new_value): def set_setting(self, key, new_value):
try: try:
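Review bot: `relative.startswith(os.pardir)` is a plain string-prefix test, so a relative path whose first component merely begins with two dots (constructed example: `..backup/world`) is also reported as lying outside the parent. That errs on the safe side but is still wrong; comparing whole components fixes it: `if relative == os.pardir or relative.startswith(os.pardir + os.sep):`. How `relative` is computed lies above the hunk, so it cannot be confirmed from here that both inputs are resolved (symlinks, trailing separators) before the comparison. Because callers appear to use this helper as a containment guard, a docstring stating the argument order and what `True` means would also help.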


@ -508,12 +508,12 @@ class AjaxHandler(BaseHandler):
self.redirect("/panel/dashboard") self.redirect("/panel/dashboard")
elif page == "unzip_server": elif page == "unzip_server":
path = urllib.parse.unquote(self.get_argument("path", None)) path = urllib.parse.unquote(self.get_argument("path", ""))
if not path: if not path:
path = os.path.join( path = os.path.join(
self.controller.project_root, self.controller.project_root,
"imports", "imports",
self.get_argument("file", ""), urllib.parse.unquote(self.get_argument("file", "")),
) )
if Helpers.check_file_exists(path): if Helpers.check_file_exists(path):
self.helper.unzip_server(path, exec_user["user_id"]) self.helper.unzip_server(path, exec_user["user_id"])
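Review bot: Neither `path` nor `file` is checked for containment before `self.helper.unzip_server(path, ...)` runs. `path` is used exactly as supplied, and `os.path.join(self.controller.project_root, "imports", <file>)` follows `..` segments and drops the prefix entirely when the value is absolute. The added `urllib.parse.unquote` on `file` also decodes a value that Tornado's `get_argument` has already decoded once, so a percent-encoded separator that passed any earlier filtering is turned back into a real one. Normalise the final value, e.g. `path = os.path.realpath(path)`, and reject it unless it falls inside the directories uploads are allowed to come from, before the `check_file_exists` call. The handler method starts and ends outside the hunk, so a permission check not visible here may already limit who reaches this branch.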


@ -319,15 +319,6 @@ class ServerHandler(BaseHandler):
return return
import_type = bleach.clean(self.get_argument("create_type", "")) import_type = bleach.clean(self.get_argument("create_type", ""))
import_server_path = bleach.clean(self.get_argument("server_path", "")) import_server_path = bleach.clean(self.get_argument("server_path", ""))
if not self.helper.is_subdir(
import_server_path, self.controller.project_root
):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"
" in your server path."
)
return
import_server_jar = bleach.clean(self.get_argument("server_jar", "")) import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
server_parts = server.split("|") server_parts = server.split("|")
captured_roles = [] captured_roles = []
@ -340,6 +331,15 @@ class ServerHandler(BaseHandler):
return return
if import_type == "import_jar": if import_type == "import_jar":
if not self.helper.is_subdir(
import_server_path, self.controller.project_root
):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"
" in your server path."
)
return
good_path = self.controller.verify_jar_server( good_path = self.controller.verify_jar_server(
import_server_path, import_server_jar import_server_path, import_server_jar
) )
@ -477,13 +477,6 @@ class ServerHandler(BaseHandler):
return return
import_type = bleach.clean(self.get_argument("create_type", "")) import_type = bleach.clean(self.get_argument("create_type", ""))
import_server_path = bleach.clean(self.get_argument("server_path", "")) import_server_path = bleach.clean(self.get_argument("server_path", ""))
if self.helper.is_subdir(import_server_path, self.controller.project_root):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"
" in your server path."
)
return
import_server_exe = bleach.clean(self.get_argument("server_jar", "")) import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
server_parts = server.split("|") server_parts = server.split("|")
captured_roles = [] captured_roles = []
@ -496,6 +489,15 @@ class ServerHandler(BaseHandler):
return return
if import_type == "import_jar": if import_type == "import_jar":
if self.helper.is_subdir(
import_server_path, self.controller.project_root
):
self.redirect(
"/panel/error?error=Loop Error: The selected path will cause"
" an infinite copy loop. Make sure Crafty's directory is not"
" in your server path."
)
return
good_path = self.controller.verify_jar_server( good_path = self.controller.verify_jar_server(
import_server_path, import_server_exe import_server_path, import_server_exe
) )
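Review bot: The two relocated guards test opposite conditions with identical arguments and the same error message. The first `import_jar` branch redirects when `not self.helper.is_subdir(import_server_path, self.controller.project_root)`, while the second redirects when `self.helper.is_subdir(...)` is true. Only one polarity can match the "infinite copy loop" message, so one handler rejects paths it should accept or accepts a path overlapping Crafty's directory; the removed lines show the same mismatch, so the commit carries it over rather than introducing it. Choose the intended sense, use it in both places, and add a comment such as `# refuse imports whose source path overlaps Crafty's own directory`. Moving the guard under `import_type == "import_jar"` also leaves the other import types uncovered here; their branches are outside these hunks, so confirm they validate `import_server_path` themselves.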