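def download_file(filename: str):
    """
    Download a translated file

    Resolves ``filename`` inside the upload directory, rejects any name that
    path_traversal_check refuses, and returns the file content as an
    attachment.

    :param filename: name of the stored file; presumably taken from the
        request, so it is treated as untrusted here.
    :return: the response built by send_file.
    :raises: aborts with 400 when file translation is disabled or the name
        fails the traversal check, and with 404 when the checked path is not
        a regular file.
    """
    if args.disable_files_translation:
        abort(400, description="Files translation are disabled on this server.")

    upload_dir = get_upload_dir()
    try:
        # Only the path returned by the check is used from here on. The
        # previous version fell back to the unchecked join when the checked
        # path was not a file, and then failed in open() with an unhandled
        # exception instead of a client error.
        filepath = security.path_traversal_check(
            os.path.join(upload_dir, filename), upload_dir)
    except security.SuspiciousFileOperation:
        abort(400, description="Invalid filename")

    if not os.path.isfile(filepath):
        abort(404, description="File not found")

    # Copy the content into memory so the response does not hold the file
    # handle open.
    return_data = io.BytesIO()
    with open(filepath, 'rb') as fo:
        return_data.write(fo.read())
    return_data.seek(0)

    # The name offered to the client is everything after the first dot of the
    # stored name (presumably dropping a server-side prefix; confirm against
    # the code that writes the file). A name without a dot yields "".
    download_filename = filename.partition('.')[2]

    return send_file(return_data, as_attachment=True, download_name=download_filename)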
def get(self, request, pk=None, project_pk=None, unsafe_asset_path=""):
    """
    Downloads a task asset (if available)

    The task is obtained through get_and_check_task. ``unsafe_asset_path`` is
    caller-supplied, so it is resolved against the task's asset directory and
    must pass path_traversal_check before the filesystem is consulted.
    A rejected path, a missing path and a directory all produce the same
    NotFound response.
    """
    task = self.get_and_check_task(request, pk)

    # Check for directory traversal attacks
    try:
        asset_path = path_traversal_check(
            task.assets_path(unsafe_asset_path),
            task.assets_path(""),
        )
    except SuspiciousFileOperation:
        raise exceptions.NotFound(_("Asset does not exist"))

    # Directories are never served, only existing non-directory paths.
    is_missing = not os.path.exists(asset_path)
    if is_missing or os.path.isdir(asset_path):
        raise exceptions.NotFound(_("Asset does not exist"))

    # 'inline' is passed through to download_file_response unchanged
    # (presumably the content disposition; confirm against that helper).
    return download_file_response(request, asset_path, 'inline')
def get_plugins_persistent_path(*paths):
    """
    Build a path under MEDIA_ROOT/plugins from the given components.

    The joined path is passed to path_traversal_check with the plugins
    directory as the allowed root, and whatever that check returns is
    returned to the caller.
    """
    plugins_root = os.path.join(settings.MEDIA_ROOT, "plugins")
    # os.path.join discards everything before an absolute component, so the
    # joined result cannot be trusted to stay under plugins_root by itself.
    candidate = os.path.join(plugins_root, *paths)
    return path_traversal_check(candidate, plugins_root)