Beispiel #1
def get_l10n(session, tid, lang):
    """
    Transaction returning the texts for a language, with custom texts applied on top

    The stock texts are read from the language file and then overridden by the
    custom texts stored for the (language, tenant) pair, if any.

    :param session: An ORM session
    :param tid: The ID of the tenant on which to perform the lookup
    :param lang: The requested language; it is used to build a filesystem path
    :return: A dictionary of texts for the language, custom entries taking precedence
    """
    # Tenants other than 1 use tenant 1's custom texts unless their own
    # 'mode' setting is 'default'.
    if tid != 1 and ConfigFactory(session, tid).get_val('mode') != 'default':
        tid = 1

    lang_path = langfile_path(lang)

    # `lang` selects the file, so the derived path is confined to the client
    # directory before anything is read from disk.
    # NOTE(review): the return value is ignored, so the check presumably raises
    # when the path falls outside Settings.client_path -- confirm.
    directory_traversal_check(Settings.client_path, lang_path)

    row = session.query(models.CustomTexts).filter(models.CustomTexts.lang == lang, models.CustomTexts.tid == tid).one_or_none()
    overrides = {} if row is None else row.texts

    merged = read_json_file(lang_path)
    merged.update(overrides)

    return merged
Beispiel #2
    def delete(self, id):
        """
        Delete a stored file from disk and remove its database record.

        Written as a generator: the permission check and the database
        deletion are yielded, and the deletion result is handed back
        through returnValue().

        :param id: Identifier of the file; it is also used as the on-disk file name
        """
        # The permission check is yielded before the filesystem is touched.
        # NOTE(review): its result is not inspected, so it presumably raises
        # on denial -- confirm.
        yield self.permission_check(id)

        files_root = self.state.settings.files_path
        target = os.path.join(files_root, id)

        # `id` is joined into the path as given, with no abspath/normpath
        # applied here, so confinement to files_root rests on this check.
        # NOTE(review): confirm the check normalises '..' segments and
        # absolute components before comparing.
        directory_traversal_check(files_root, target)

        if os.path.exists(target):
            os.remove(target)

        # The row is matched on both the request's tenant and the file id.
        deleted = yield models.delete(models.File, models.File.tid == self.request.tid, models.File.id == id)
        returnValue(deleted)
Beispiel #3
def delete_file(session, tid, id_or_name):
    """
    Remove a file from disk and delete its database record.

    :param session: An ORM session
    :param tid: The tenant ID passed to the file lookup
    :param id_or_name: The id or the name identifying the file
    :return: None when no matching record exists, otherwise the result of session.delete()
    """
    record = db_get_file_by_id_or_name(session, tid, id_or_name)
    if not record:
        return

    files_root = State.settings.files_path

    # The on-disk name comes from the looked-up record's id, not from the
    # caller-supplied id_or_name; the path is still checked for confinement
    # to files_root before any removal.
    target = os.path.join(files_root, record.id)
    directory_traversal_check(files_root, target)

    if os.path.exists(target):
        os.remove(target)

    return session.delete(record)
Beispiel #4
    def get(self, filename):
        """
        Serve a static file located under self.root.

        An empty filename is served as 'index.html'.

        :param filename: Requested path, relative to self.root
        :return: The result of self.write_file() for an existing regular file
        :raises errors.ResourceNotFound: when the path does not exist or is not a regular file
        """
        filename = filename or 'index.html'

        # os.path.abspath collapses '..' segments lexically; it does not
        # resolve symlinks.
        target = os.path.abspath(os.path.join(self.root, filename))

        # NOTE(review): the return value is ignored, so the check presumably
        # raises when target lies outside self.root; whether it also resolves
        # symlinks is not visible here -- confirm.
        directory_traversal_check(self.root, target)

        if not (os.path.exists(target) and os.path.isfile(target)):
            raise errors.ResourceNotFound()

        return self.write_file(filename, target)
Beispiel #5
    def get(self, rfile_id):
        """
        Send an attachment to the current user as a download.

        Written as a generator: the lookup and the write calls are yielded.
        When the lookup returns a key, the file is read through a decrypting
        stream; otherwise it is sent from disk as stored.

        :param rfile_id: Identifier of the requested file
        """
        # NOTE(review): download_rfile receives the tenant and user ids, so it
        # presumably enforces that this user may access rfile_id -- confirm.
        rfile, tip_prv_key = yield self.download_rfile(self.request.tid, self.current_user.user_id, rfile_id)

        # rfile['filename'] is the on-disk name; rfile['name'] is only used as
        # the name presented for the download.
        stored_path = os.path.join(Settings.attachments_path, rfile['filename'])

        # Confine the path to the attachments directory before opening it.
        directory_traversal_check(Settings.attachments_path, stored_path)

        if not tip_prv_key:
            yield self.write_file_as_download(rfile['name'], stored_path)
            return

        # The key returned by the lookup is decrypted with the current user's
        # `cc` value and then used to open the file in 'DECRYPT' mode.
        decrypted_key = GCE.asymmetric_decrypt(self.current_user.cc, tip_prv_key)
        stream = GCE.streaming_encryption_open('DECRYPT', decrypted_key, stored_path)
        yield self.write_file_as_download_fo(rfile['name'], stream)
Beispiel #6
    def get(self, rfile_id):
        """
        Download handler for a single attachment.

        The method is a generator. It looks the file up for the current
        tenant and user, checks that the on-disk path stays inside
        Settings.attachments_path, and writes the file out, through a
        decrypting stream when the lookup supplied a key.

        :param rfile_id: Identifier of the requested file
        """
        lookup = yield self.download_rfile(self.request.tid, self.current_user.user_id, rfile_id)
        rfile, tip_prv_key = lookup

        attachments_root = Settings.attachments_path
        download_name = rfile['name']
        disk_path = os.path.join(attachments_root, rfile['filename'])

        # NOTE(review): the return value is ignored, so the check presumably
        # raises when disk_path escapes attachments_root -- confirm.
        directory_traversal_check(attachments_root, disk_path)

        if tip_prv_key:
            # Decrypt the returned key with the user's `cc` value, then read
            # the file through a stream opened in 'DECRYPT' mode.
            plain_key = GCE.asymmetric_decrypt(self.current_user.cc, tip_prv_key)
            decrypting_fo = GCE.streaming_encryption_open('DECRYPT', plain_key, disk_path)
            yield self.write_file_as_download_fo(download_name, decrypting_fo)
        else:
            yield self.write_file_as_download(download_name, disk_path)
Beispiel #7
    def get(self, filename):
        """
        Serve a static file under self.root, preferring its '.gz' sibling.

        An empty filename is served as 'index.html'. If '<file>.gz' exists as
        a regular file it is written instead of '<file>'.

        :param filename: Requested path, relative to self.root
        :return: The result of self.write_file() for the first candidate found
        :raises errors.ResourceNotFound: when neither candidate is an existing regular file
        """
        filename = filename or 'index.html'

        # os.path.abspath collapses '..' segments lexically; it does not
        # resolve symlinks.
        abspath = os.path.abspath(os.path.join(self.root, filename))

        # The check covers abspath only. The '.gz' candidate is that same path
        # with a suffix appended, so it stays in the same directory.
        # NOTE(review): the return value is ignored, so the check presumably
        # raises when abspath lies outside self.root -- confirm.
        directory_traversal_check(self.root, abspath)

        candidates = (
            (filename + '.gz', abspath + '.gz'),
            (filename, abspath),
        )
        for name, candidate in candidates:
            if os.path.exists(candidate) and os.path.isfile(candidate):
                return self.write_file(name, candidate)

        raise errors.ResourceNotFound()
Beispiel #8
def get_l10n(session, tid, lang):
    """
    Return the texts for a language, with custom texts applied on top.

    :param session: An ORM session
    :param tid: The ID of the tenant on which to perform the lookup
    :param lang: The requested language; it is used to build a filesystem path
    :return: A dictionary of texts for the language, custom entries taking precedence
    :raises errors.ResourceNotFound: when no language file exists for `lang`
    """
    # The mode is read from tenant 1's configuration; in 'whistleblowing.it'
    # mode every tenant uses tenant 1's custom texts.
    if tid != 1 and ConfigFactory(session, 1).get_val(u'mode') == u'whistleblowing.it':
        tid = 1

    lang_path = langfile_path(lang)

    # `lang` selects the file, so the derived path is confined to the client
    # directory before the existence test and the read.
    # NOTE(review): the return value is ignored, so the check presumably raises
    # when the path falls outside Settings.client_path -- confirm.
    directory_traversal_check(Settings.client_path, lang_path)

    if not os.path.exists(lang_path):
        raise errors.ResourceNotFound()

    merged = read_json_file(lang_path)

    row = session.query(models.CustomTexts).filter(models.CustomTexts.lang == lang, models.CustomTexts.tid == tid).one_or_none()
    overrides = {} if row is None else row.texts

    merged.update(overrides)

    return merged
Beispiel #9
 def test_directory_traversal_check_allowed(self):
     """
     A path directly under Settings.files_path must be accepted.

     No assertion is made: the test passes as long as the check does not raise.
     """
     base_dir = Settings.files_path
     directory_traversal_check(base_dir, os.path.join(base_dir, "valid.txt"))
Beispiel #10
 def test_directory_traversal_check_allowed(self):
     """
     fs.directory_traversal_check must accept a path directly under Settings.files_path.

     No assertion is made: the test passes as long as the check does not raise.
     """
     base_dir = Settings.files_path
     inside_path = os.path.join(base_dir, "valid.txt")
     fs.directory_traversal_check(base_dir, inside_path)