mirror of
https://gitlab.com/crafty-controller/crafty-4.git
synced 2025-01-19 09:45:28 +01:00
Merge branch 'bug/server-import-copy-loop' into 'dev'
Be sure a user cannot server import crafty dir See merge request crafty-controller/crafty-4!506
This commit is contained in:
Iain Powrie
commit
95e21d9245
@ -7,6 +7,7 @@ TBD
|
|||||||
- Fix '+' char in path causing any file operation to fail. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/502))
|
- Fix '+' char in path causing any file operation to fail. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/502))
|
||||||
- Fix colours on public pages. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/504))
|
- Fix colours on public pages. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/504))
|
||||||
- Fix bug where public background was not sent to public pages...like the error page resulting in an error...ironic...I know. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/505))
|
- Fix bug where public background was not sent to public pages...like the error page resulting in an error...ironic...I know. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/505))
|
||||||
|
- Be sure a user cannot server import crafty dir. ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/506))
|
||||||
### Tweaks
|
### Tweaks
|
||||||
TBD
|
TBD
|
||||||
### Lang
|
### Lang
|
||||||
|
|||||||
@ -2,6 +2,7 @@ import json
|
|||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import time
|
import time
|
||||||
|
from pathlib import Path
|
||||||
import tornado.web
|
import tornado.web
|
||||||
import tornado.escape
|
import tornado.escape
|
||||||
import bleach
|
import bleach
|
||||||
@ -319,6 +320,13 @@ class ServerHandler(BaseHandler):
|
|||||||
return
|
return
|
||||||
import_type = bleach.clean(self.get_argument("create_type", ""))
|
import_type = bleach.clean(self.get_argument("create_type", ""))
|
||||||
import_server_path = bleach.clean(self.get_argument("server_path", ""))
|
import_server_path = bleach.clean(self.get_argument("server_path", ""))
|
||||||
|
if Path(self.controller.project_root).is_relative_to(import_server_path):
|
||||||
|
self.redirect(
|
||||||
|
"/panel/error?error=Loop Error: The selected path will cause"
|
||||||
|
" an infinite copy loop. Make sure Crafty's directory is not"
|
||||||
|
" in your server path."
|
||||||
|
)
|
||||||
|
return
|
||||||
import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
|
import_server_jar = bleach.clean(self.get_argument("server_jar", ""))
|
||||||
server_parts = server.split("|")
|
server_parts = server.split("|")
|
||||||
captured_roles = []
|
captured_roles = []
|
||||||
@ -468,6 +476,13 @@ class ServerHandler(BaseHandler):
|
|||||||
return
|
return
|
||||||
import_type = bleach.clean(self.get_argument("create_type", ""))
|
import_type = bleach.clean(self.get_argument("create_type", ""))
|
||||||
import_server_path = bleach.clean(self.get_argument("server_path", ""))
|
import_server_path = bleach.clean(self.get_argument("server_path", ""))
|
||||||
|
if Path(self.controller.project_root).is_relative_to(import_server_path):
|
||||||
|
self.redirect(
|
||||||
|
"/panel/error?error=Loop Error: The selected path will cause"
|
||||||
|
" an infinite copy loop. Make sure Crafty's directory is not"
|
||||||
|
" in your server path."
|
||||||
|
)
|
||||||
|
return
|
||||||
import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
|
import_server_exe = bleach.clean(self.get_argument("server_jar", ""))
|
||||||
server_parts = server.split("|")
|
server_parts = server.split("|")
|
||||||
captured_roles = []
|
captured_roles = []
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user