mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2025-01-19 09:45:28 +01:00
Refactor all items using in_path for windows comp
This commit is contained in:
amcmanu3
parent
91a81095b4
commit
73d2788aa0
@ -507,9 +507,9 @@ class Helpers:
|
||||
|
||||
return mounts
|
||||
|
||||
def is_subdir(self, server_path, root_dir):
|
||||
server_path = os.path.realpath(server_path)
|
||||
root_dir = os.path.realpath(root_dir)
|
||||
def is_subdir(self, child_path, parent_path):
|
||||
server_path = os.path.realpath(child_path)
|
||||
root_dir = os.path.realpath(parent_path)
|
||||
|
||||
if self.is_os_windows():
|
||||
try:
|
||||
@ -1244,22 +1244,6 @@ class Helpers:
|
||||
return temp_dir
|
||||
return False
|
||||
|
||||
@staticmethod
|
||||
def in_path(parent_path, child_path):
|
||||
# Smooth out relative path names, note: if you are concerned about
|
||||
# symbolic links, you should use os.path.realpath too
|
||||
parent_path = os.path.abspath(parent_path)
|
||||
child_path = os.path.abspath(child_path)
|
||||
|
||||
# Compare the common path of the parent and child path with the
|
||||
# common path of just the parent path. Using the commonpath method
|
||||
# on just the parent path will regularise the path name in the same way
|
||||
# as the comparison that deals with both paths, removing any trailing
|
||||
# path separator
|
||||
return os.path.commonpath([parent_path]) == os.path.commonpath(
|
||||
[parent_path, child_path]
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def download_file(executable_url, jar_path):
|
||||
try:
|
||||
|
||||
@ -656,13 +656,14 @@ class AjaxHandler(BaseHandler):
|
||||
|
||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||
if not (
|
||||
Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["path"]), file_path
|
||||
file_path,
|
||||
Helpers.is_subdir(
|
||||
Helpers.get_os_understandable_path(server_info["path"])
|
||||
)
|
||||
or Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]),
|
||||
or Helpers.is_subdir(
|
||||
file_path,
|
||||
)
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]),
|
||||
),
|
||||
) or not Helpers.check_file_exists(os.path.abspath(file_path)):
|
||||
logger.warning(f"Invalid path in del_backup ajax call ({file_path})")
|
||||
Console.warning(f"Invalid path in del_backup ajax call ({file_path})")
|
||||
|
||||
@ -57,11 +57,11 @@ class FileHandler(BaseHandler):
|
||||
return
|
||||
server_id = bleach.clean(server_id)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
file_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
file_path,
|
||||
) or not Helpers.check_file_exists(os.path.abspath(file_path)):
|
||||
logger.warning(
|
||||
f"Invalid path in get_file file file ajax call ({file_path})"
|
||||
@ -163,11 +163,11 @@ class FileHandler(BaseHandler):
|
||||
return
|
||||
server_id = bleach.clean(server_id)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
file_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
file_path,
|
||||
) or Helpers.check_file_exists(os.path.abspath(file_path)):
|
||||
logger.warning(
|
||||
f"Invalid path in create_file file ajax call ({file_path})"
|
||||
@ -196,11 +196,11 @@ class FileHandler(BaseHandler):
|
||||
return
|
||||
server_id = bleach.clean(server_id)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
dir_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
dir_path,
|
||||
) or Helpers.check_path_exists(os.path.abspath(dir_path)):
|
||||
logger.warning(
|
||||
f"Invalid path in create_dir file ajax call ({dir_path})"
|
||||
@ -263,12 +263,12 @@ class FileHandler(BaseHandler):
|
||||
|
||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||
if not (
|
||||
Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["path"]), file_path
|
||||
Helpers.is_subdir(
|
||||
file_path, Helpers.get_os_understandable_path(server_info["path"])
|
||||
)
|
||||
or Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]),
|
||||
or Helpers.is_subdir(
|
||||
file_path,
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]),
|
||||
)
|
||||
) or not Helpers.check_file_exists(os.path.abspath(file_path)):
|
||||
logger.warning(f"Invalid path in del_file file ajax call ({file_path})")
|
||||
@ -296,8 +296,8 @@ class FileHandler(BaseHandler):
|
||||
server_id = bleach.clean(server_id)
|
||||
|
||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||
if not Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["path"]), dir_path
|
||||
if not Helpers.is_subdir(
|
||||
dir_path, Helpers.get_os_understandable_path(server_info["path"])
|
||||
) or not Helpers.check_path_exists(os.path.abspath(dir_path)):
|
||||
logger.warning(f"Invalid path in del_file file ajax call ({dir_path})")
|
||||
Console.warning(f"Invalid path in del_file file ajax call ({dir_path})")
|
||||
@ -348,11 +348,11 @@ class FileHandler(BaseHandler):
|
||||
return
|
||||
server_id = bleach.clean(server_id)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
file_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
file_path,
|
||||
) or not Helpers.check_file_exists(os.path.abspath(file_path)):
|
||||
logger.warning(
|
||||
f"Invalid path in save_file file ajax call ({file_path})"
|
||||
@ -387,11 +387,11 @@ class FileHandler(BaseHandler):
|
||||
Console.warning("Invalid path(s) in rename_file file ajax call")
|
||||
return
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
item_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
item_path,
|
||||
) or not Helpers.check_path_exists(os.path.abspath(item_path)):
|
||||
logger.warning(
|
||||
f"Invalid old name path in rename_file file ajax call ({server_id})"
|
||||
@ -403,11 +403,11 @@ class FileHandler(BaseHandler):
|
||||
|
||||
new_item_path = os.path.join(os.path.split(item_path)[0], new_item_name)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
new_item_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
new_item_path,
|
||||
) or Helpers.check_path_exists(os.path.abspath(new_item_path)):
|
||||
logger.warning(
|
||||
f"Invalid new name path in rename_file file ajax call ({server_id})"
|
||||
@ -462,11 +462,11 @@ class FileHandler(BaseHandler):
|
||||
Console.warning("Invalid path(s) in rename_file file ajax call")
|
||||
return
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
item_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
item_path,
|
||||
) or not Helpers.check_path_exists(os.path.abspath(item_path)):
|
||||
logger.warning(
|
||||
f"Invalid old name path in rename_file file ajax call ({server_id})"
|
||||
@ -478,11 +478,11 @@ class FileHandler(BaseHandler):
|
||||
|
||||
new_item_path = os.path.join(os.path.split(item_path)[0], new_item_name)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
new_item_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
new_item_path,
|
||||
) or Helpers.check_path_exists(os.path.abspath(new_item_path)):
|
||||
logger.warning(
|
||||
f"Invalid new name path in rename_file file ajax call ({server_id})"
|
||||
|
||||
@ -821,9 +821,9 @@ class PanelHandler(BaseHandler):
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]), file
|
||||
)
|
||||
)
|
||||
if not Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]),
|
||||
if not Helpers.is_subdir(
|
||||
backup_file,
|
||||
Helpers.get_os_understandable_path(server_info["backup_path"]),
|
||||
) or not os.path.isfile(backup_file):
|
||||
self.redirect("/panel/error?error=Invalid path detected")
|
||||
return
|
||||
@ -1476,8 +1476,9 @@ class PanelHandler(BaseHandler):
|
||||
|
||||
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
||||
|
||||
if not Helpers.in_path(
|
||||
Helpers.get_os_understandable_path(server_info["path"]), file
|
||||
if not Helpers.is_subdir(
|
||||
file,
|
||||
Helpers.get_os_understandable_path(server_info["path"]),
|
||||
) or not os.path.isfile(file):
|
||||
self.redirect("/panel/error?error=Invalid path detected")
|
||||
return
|
||||
|
||||
@ -278,11 +278,11 @@ class UploadHandler(BaseHandler):
|
||||
filename = self.request.headers.get("X-FileName", None)
|
||||
full_path = os.path.join(path, filename)
|
||||
|
||||
if not Helpers.in_path(
|
||||
if not Helpers.is_subdir(
|
||||
full_path,
|
||||
Helpers.get_os_understandable_path(
|
||||
self.controller.servers.get_server_data_by_id(server_id)["path"]
|
||||
),
|
||||
full_path,
|
||||
):
|
||||
logger.warning(
|
||||
f"User {user_id} tried to upload a file to {server_id} "
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user