def _loc_to_file_path(self, path, environ):
root_path = self.root_folder_path
path_parts = path.strip("/").split("/")
file_path = os.path.abspath(os.path.join(root_path, *path_parts))
if not file_path.startswith(root_path):
raise RuntimeError(f'Security exception: tried to access file '
f'outside root: {file_path}')
file_path = util.to_unicode_safe(file_path)
return file_path
def _loc_to_file_path(self, path, environ=None):
"""Convert resource path to a unicode absolute file path.
Optional environ argument may be useful e.g. in relation to per-user
sub-folder chrooting inside root_folder_path.
"""
root_path = self.root_folder_path
assert root_path is not None
assert compat.is_native(root_path)
assert compat.is_native(path)
path_parts = path.strip("/").split("/")
file_path = os.path.abspath(os.path.join(root_path, *path_parts))
if not file_path.startswith(root_path):
raise RuntimeError(
"Security exception: tried to access file outside root: {}".
format(file_path))
# Convert to unicode
file_path = util.to_unicode_safe(file_path)
return file_path
def _loc_to_file_path(self, path, environ=None):
course_id = self._get_course_id(path)
try:
course = self.course_factory.get_course(course_id)
except:
raise DAVError(HTTP_NOT_FOUND,
"Unknown course {}".format(course_id))
path_to_course_fs = course.get_fs()
path_to_course = os.path.abspath(path_to_course_fs.prefix)
file_path = os.path.abspath(
os.path.join(path_to_course, *self._get_inner_path(path)))
if not file_path.startswith(path_to_course):
raise RuntimeError(
"Security exception: tried to access file outside course root: {}"
.format(file_path))
# Convert to unicode
file_path = util.to_unicode_safe(file_path)
return file_path
def _loc_to_file_path(self, path, environ=None):
"""Convert resource path to a unicode absolute file path.
Optional environ argument may be useful e.g. in relation to per-user
sub-folder chrooting inside root_folder_path.
"""
root_path = self.root_folder_path
assert root_path is not None
assert compat.is_native(root_path)
assert compat.is_native(path)
path_parts = path.strip("/").split("/")
file_path = os.path.abspath(os.path.join(root_path, *path_parts))
if not file_path.startswith(root_path):
raise RuntimeError(
"Security exception: tried to access file outside root: {}".format(
file_path
)
)
# Convert to unicode
file_path = util.to_unicode_safe(file_path)
return file_path
def _loc_to_file_path(self, path, environ=None):
"""
Same as the parent class, but uses the new _render_root method
"""
root_path = self._render_root(environ)
assert root_path is not None
assert compat.is_native(root_path)
assert compat.is_native(path)
path_parts = path.strip("/").split("/")
file_path = os.path.abspath(
os.path.join(root_path, *path_parts)
)
if not file_path.startswith(root_path):
raise RuntimeError(
"Security exception: tried to access file outside root: {}".format(
file_path
)
)
# Convert to unicode
file_path = util.to_unicode_safe(file_path)
return file_path