Example #1
    def __init__(self, request, absolute_path, base_url, rest_url):
        """
        Set up the filesystem path and URL state for one file manager view.

        absolute_path - filesystem path of the root directory (internal value)
        base_url - URL prefix of this filemanager instance (internal value)
        rest_url - sub path of the current view, relative to the root;
                   it comes from the requesting user and is untrusted

        Raises DirectoryTraversalAttack when the decoded 'rest_url' is not
        identical to its clean_posixpath() form, and Http404 when the
        resulting path is not an existing directory.
        """
        self.request = request
        self.absolute_path = add_slash(absolute_path)
        self.base_url = clean_posixpath(base_url)

        # Percent-decode *before* validating, so the comparison below is made
        # on the decoded form of the user input.
        requested = add_slash(urllib.unquote(rest_url))

        # Directory traversal guard, see
        # https://en.wikipedia.org/wiki/Directory_traversal_attack
        # Any input that cleaning would alter is rejected outright instead of
        # being silently repaired.
        normalized = clean_posixpath(requested)
        if normalized != requested:
            raise DirectoryTraversalAttack(
                "path %s is not equal to cleaned path: %s" %
                (repr(requested), repr(normalized)))

        # Leading slashes are stripped so that os.path.join() below cannot
        # treat the user part as an absolute path and drop the root.
        self.rel_url = requested.lstrip("/")
        self.rel_path = add_slash(os.path.normpath(self.rel_url))

        joined = os.path.join(self.absolute_path, self.rel_path)
        self.abs_path = clean_posixpath(joined)
        # Second check on the final path against the root directory.
        # NOTE(review): what check_path() enforces (and whether it resolves
        # symlinks) is not visible in this block - confirm.
        self.check_path(self.absolute_path, self.abs_path)

        self.abs_url = posixpath.join(self.base_url, self.rel_url)

        # NOTE(review): the message carries the absolute filesystem path;
        # confirm it is only rendered to clients when DEBUG is on.
        if not os.path.isdir(self.abs_path):
            raise Http404("Formed path %r doesn't exist." % self.abs_path)

        self.breadcrumbs = self.build_breadcrumbs()
    def __init__(self, request, absolute_path, base_url, rest_url):
        """
        Build the per-request state of the file manager.

        absolute_path - root directory in the filesystem
        base_url - url prefix of this filemanager instance
        rest_url - relative sub path of the current view

        'absolute_path' and 'base_url' are assumed to be internal values;
        'rest_url' is supplied by the requesting user and is validated here.

        Raises DirectoryTraversalAttack if cleaning the decoded 'rest_url'
        would change it; raises Http404 if the formed path is no directory.
        """
        self.request = request
        self.absolute_path = add_slash(absolute_path)
        self.base_url = clean_posixpath(base_url)

        # The user value is decoded first; every check below works on the
        # decoded text.
        unquoted_url = urllib.unquote(rest_url)
        sub_url = add_slash(unquoted_url)

        # Protection against directory traversal:
        # https://en.wikipedia.org/wiki/Directory_traversal_attack
        cleaned_url = clean_posixpath(sub_url)
        url_was_altered = cleaned_url != sub_url
        if url_was_altered:
            # Cleaning changed the path, so it is refused rather than repaired.
            details = (repr(sub_url), repr(cleaned_url))
            raise DirectoryTraversalAttack(
                "path %s is not equal to cleaned path: %s" % details
            )

        self.rel_url = sub_url.lstrip("/")
        normalized_rel = os.path.normpath(self.rel_url)
        self.rel_path = add_slash(normalized_rel)

        self.abs_path = clean_posixpath(os.path.join(self.absolute_path, self.rel_path))
        # The final path is checked against the root directory as well.
        # NOTE(review): check_path() is defined outside this block; confirm
        # that it rejects paths outside 'absolute_path', symlinks included.
        self.check_path(self.absolute_path, self.abs_path)

        self.abs_url = posixpath.join(self.base_url, self.rel_url)

        path_is_dir = os.path.isdir(self.abs_path)
        if not path_is_dir:
            # NOTE(review): this message exposes the absolute filesystem path;
            # confirm the 404 page shows it in DEBUG only.
            raise Http404("Formed path %r doesn't exist." % self.abs_path)

        self.breadcrumbs = self.build_breadcrumbs()
Example #3
    def __init__(self, config, *args, **kwargs):
        """
        Initialise the base class, then add the gallery specific state.

        config - gallery configuration; its 'path' attribute is used for the
                 static URL
        *args, **kwargs - handed unchanged to the base class __init__

        self.abs_path and self.rel_url are read below; presumably the base
        class __init__ sets them - confirm against the base class.
        """
        # Disabled: take the unauthorized signs from the preferences
        #        pref_form = GalleryPrefForm()
        #        preferences = pref_form.get_preferences()
        #        unauthorized_signs = preferences["unauthorized_signs"]
        #        kwargs["unauthorized_signs"] = unauthorized_signs

        super(Gallery, self).__init__(*args, **kwargs)

        # A gallery may only live inside STATIC_ROOT, so the path is checked
        # against that directory here.
        self.check_path(add_slash(settings.STATIC_ROOT), self.abs_path)

        self.config = config

        # NOTE(review): posixpath.normpath() collapses repeated slashes, so a
        # STATIC_URL with a scheme ("https://...") would be altered here -
        # confirm STATIC_URL is a plain path.
        url_parts = (settings.STATIC_URL, config.path, self.rel_url)
        self.static_base_url = posixpath.normpath(posixpath.join(*url_parts))

        listing = self.read_dir(self.abs_path)
        dirs, pictures, thumbs = listing

        self.dir_info = self.build_dir_info(dirs)
        self.picture_info = self.build_picture_info(pictures, thumbs)
Example #4
    def __init__(self, config, *args, **kwargs):
        """
        Create the gallery view state on top of the base class state.

        config - gallery configuration object ('config.path' is read)
        *args, **kwargs - forwarded as they are to the base class

        The base class is initialised first because self.abs_path and
        self.rel_url are used afterwards (presumably set there - confirm).
        """
        # Currently switched off:
        #        # use unauthorized signs from preferences
        #        pref_form = GalleryPrefForm()
        #        preferences = pref_form.get_preferences()
        #        unauthorized_signs = preferences["unauthorized_signs"]
        #        kwargs["unauthorized_signs"] = unauthorized_signs

        super(Gallery, self).__init__(*args, **kwargs)

        # Restrict galleries to STATIC_ROOT: the path is checked against it.
        allowed_root = add_slash(settings.STATIC_ROOT)
        self.check_path(allowed_root, self.abs_path)

        self.config = config

        # NOTE(review): normpath() also removes a trailing slash and collapses
        # "//"; confirm that this is wanted for the static base URL.
        raw_static_url = posixpath.join(
            settings.STATIC_URL, config.path, self.rel_url)
        self.static_base_url = posixpath.normpath(raw_static_url)

        dirs, pictures, thumbs = self.read_dir(self.abs_path)

        dir_info = self.build_dir_info(dirs)
        self.dir_info = dir_info
        picture_info = self.build_picture_info(pictures, thumbs)
        self.picture_info = picture_info
Example #5
    def __init__(self, request, absolute_path, base_url, rest_url):
        """
        Set up the URL state for one file manager view; the requested sub
        path is validated with an ExistingDirValidator bound to the root.

        absolute_path - path in filesystem to the root directory
        base_url - url prefix of this filemanager instance
        rest_url - relative sub path of the current view

        It is assumed that 'absolute_path' and 'base_url' are internal values
        and that 'rest_url' is an external value given by the requesting user.

        Raises Http404 if the validator rejects 'rest_url' or if
        'absolute_path' is not a directory. The detailed reason is only put
        into the exception when settings.DEBUG is true.

        TODO: Use django_tools.validators.ExistingDirValidator and merge code!
        """
        self.request = request
        self.absolute_path = add_slash(absolute_path)
        self.base_url = clean_posixpath(base_url)

        self.dir_validator = ExistingDirValidator(self.absolute_path)

        rest_url = add_slash(rest_url)
        try:
            # NOTE(review): in this version the validator is the only check on
            # the user supplied path; the clean_posixpath()/check_path() checks
            # are in the disabled block below. Presumably the validator rejects
            # paths outside 'absolute_path' - confirm. 'rest_url' is also not
            # percent-decoded here any more; verify where decoding happens.
            self.dir_validator(rest_url)
        except ValidationError as err:
            if settings.DEBUG:
                raise Http404(err)
            else:
                # Outside DEBUG only a generic message is used, so the
                # validator's detail text is not passed on.
                raise Http404(_("Directory doesn't exist!"))

        self.rel_url = posixpath.normpath(rest_url).lstrip("/")
        # NOTE(review): posixpath.join() drops 'base_url' when the second
        # argument starts with "/". rel_url has leading slashes stripped, but
        # 'rest_url' is used here - confirm it never starts with "/".
        self.abs_url = posixpath.join(self.base_url, rest_url)
        # NOTE(review): this tests the root directory, not the requested sub
        # directory; self.abs_path is not assigned in this method. Confirm the
        # validator already covers existence of the sub directory.
        if not os.path.isdir(self.absolute_path):
            if settings.DEBUG:
                raise Http404(
                    f"Formed path {self.absolute_path!r} doesn't exist.")
            else:
                raise Http404(_("Directory doesn't exist!"))

        # Previous hand-written traversal check, kept disabled for reference:
        # # print("rest_url 1: %r" % rest_url)
        # for part in STOP_PARTS:
        #     if part in rest_url:
        #         raise DirectoryTraversalAttack("Stop chars %r found!" % part)
        #
        # rest_url = urllib.parse.unquote(rest_url)
        # # print("rest_url 2: %r" % rest_url)
        #
        #
        #
        # # To protect from directory traversal attack
        # # https://en.wikipedia.org/wiki/Directory_traversal_attack
        # clean_rest_url = clean_posixpath(rest_url)
        # if clean_rest_url != rest_url:
        #     # path changed cause of "illegal" characters
        #     raise DirectoryTraversalAttack(
        #         "path %s is not equal to cleaned path: %s" % (repr(rest_url), repr(clean_rest_url))
        #     )
        #
        # self.rel_url = rest_url.lstrip("/")
        # self.rel_path = add_slash(os.path.normpath(self.rel_url))
        #
        # self.abs_path = clean_posixpath(os.path.join(self.absolute_path, self.rel_path))
        # self.check_path(self.absolute_path, self.abs_path)
        #
        # self.abs_url = posixpath.join(self.base_url, self.rel_url)
        #
        # if not os.path.isdir(self.abs_path):
        #     raise Http404("Formed path %r doesn't exist." % self.abs_path)

        self.breadcrumbs = self.build_breadcrumbs()
    def __init__(self, request, absolute_path, base_url, rest_url):
        """
        Set up the URL state for one file manager view; the requested sub
        path is validated with an ExistingDirValidator bound to the root.

        absolute_path - path in filesystem to the root directory
        base_url - url prefix of this filemanager instance
        rest_url - relative sub path of the current view

        It is assumed that 'absolute_path' and 'base_url' are internal values
        and that 'rest_url' is an external value given by the requesting user.

        Raises Http404 if the validator rejects 'rest_url' or if
        self.abs_path is not a directory. The detailed reason is only put
        into the exception when settings.DEBUG is true.

        TODO: Use django_tools.validators.ExistingDirValidator and merge code!
        """
        self.request = request
        self.absolute_path = add_slash(absolute_path)
        self.base_url = clean_posixpath(base_url)

        self.dir_validator = ExistingDirValidator(self.absolute_path)

        rest_url = add_slash(rest_url)
        try:
            # NOTE(review): the validator is the only check on the user
            # supplied path in this version (the older checks are disabled
            # below). Assumes it rejects paths outside 'absolute_path' and
            # returns the validated path - confirm both.
            rest_path = self.dir_validator(rest_url)
        except ValidationError as err:
            if settings.DEBUG:
                raise Http404(err)
            else:
                # Outside DEBUG only a generic message is used, so the
                # validator's detail text is not passed on.
                raise Http404(_("Directory doesn't exist!"))

        self.rel_url = posixpath.normpath(rest_url).lstrip("/")
        # NOTE(review): if 'rest_path' is an absolute filesystem path,
        # posixpath.join() drops 'base_url' and abs_url would hold that
        # filesystem path - verify what the validator returns.
        self.abs_url = posixpath.join(self.base_url, rest_path)
        # NOTE(review): self.abs_path is read here but not assigned in this
        # method (its assignment is in the disabled block below); unless it is
        # provided elsewhere on the class this raises AttributeError - confirm.
        if not os.path.isdir(self.abs_path):
            if settings.DEBUG:
                raise Http404("Formed path %r doesn't exist." % self.abs_path)
            else:
                raise Http404(_("Directory doesn't exist!"))

        # Previous hand-written traversal check, kept disabled for reference:
        # # print("rest_url 1: %r" % rest_url)
        # for part in STOP_PARTS:
        #     if part in rest_url:
        #         raise DirectoryTraversalAttack("Stop chars %r found!" % part)
        #
        # rest_url = urllib.parse.unquote(rest_url)
        # # print("rest_url 2: %r" % rest_url)
        #
        #
        #
        # # To protect from directory traversal attack
        # # https://en.wikipedia.org/wiki/Directory_traversal_attack
        # clean_rest_url = clean_posixpath(rest_url)
        # if clean_rest_url != rest_url:
        #     # path changed cause of "illegal" characters
        #     raise DirectoryTraversalAttack(
        #         "path %s is not equal to cleaned path: %s" % (repr(rest_url), repr(clean_rest_url))
        #     )
        #
        # self.rel_url = rest_url.lstrip("/")
        # self.rel_path = add_slash(os.path.normpath(self.rel_url))
        #
        # self.abs_path = clean_posixpath(os.path.join(self.absolute_path, self.rel_path))
        # self.check_path(self.absolute_path, self.abs_path)
        #
        # self.abs_url = posixpath.join(self.base_url, self.rel_url)
        #
        # if not os.path.isdir(self.abs_path):
        #     raise Http404("Formed path %r doesn't exist." % self.abs_path)

        self.breadcrumbs = self.build_breadcrumbs()