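def actionSiteMedia(self, path):
    """Serve a site file requested as /media/<address>/<inner_path>.

    Responds 404 when the URL does not have that shape and 403 when the
    Referer is rejected by isMediaRequestAllowed() or the resolved path is
    not inside the site's own directory. Otherwise the file is handed to
    actionFile(); a file that is not on disk yet is requested from the site
    first.
    """
    path = path.replace("/index.html/", "/")  # Base backward compatibility fix

    # Raw string: same pattern, without relying on an invalid "\." escape.
    match = re.match(r"/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)
    if not match:  # Bad url
        return self.error404(path)

    address = match.group("address")
    inner_path = match.group("inner_path")

    # Only allow the same site to receive media
    referer = self.env.get("HTTP_REFERER")
    if referer and not self.isMediaRequestAllowed(address, referer):
        return self.error403("Media referer error")

    file_path = "data/%s/%s" % (address, inner_path)
    allowed_dir = os.path.abspath("data/%s" % address)  # Only files within data/<address> allowed
    data_dir = os.path.abspath("data")  # No files directly from data/ allowed

    # Compare on a directory boundary: a bare startswith() would also accept a
    # sibling directory whose name merely begins with the site address.
    # abspath() does not resolve symlinks, so this is a lexical check only.
    file_dir = os.path.dirname(os.path.abspath(file_path))
    inside_site_dir = file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)
    if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:
        return self.error403()  # File not in allowed path

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # When debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(address)
        # sites.get() may return None for an address that is not loaded
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    if os.path.isfile(file_path):  # File exists
        return self.actionFile(file_path)

    # File does not exist, try to download
    site = SiteManager.site_manager.need(address, all_file=False)
    self.sendHeader(content_type=self.getContentType(file_path))  # ?? Get Exception without this
    # NOTE(review): the download result is not checked before serving; the
    # header has already been sent at this point, so it is left as it was.
    site.needFile(inner_path, priority=1)  # Wait until file downloads
    return self.actionFile(file_path)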
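def actionUiMedia(self, path):
    """Serve UI media, appending this plugin's bundle to all.js / all.css.

    For /uimedia/all.js and /uimedia/all.css the parent handler's output is
    yielded first and the plugin's own all.<ext> file after it (the js file
    passes through _.translateData). Paths under /uimedia/globe/ are served
    from the plugin's "-globe" media directory; everything else is delegated
    to the parent handler.
    """
    if path == "/uimedia/all.js" or path == "/uimedia/all.css":
        # First yield the original file and header
        for part in super(UiRequestPlugin, self).actionUiMedia(path):
            yield part

        # Append our media file to the end
        ext = re.match(".*(js|css)$", path).group(1)
        plugin_media_file = "%s/all.%s" % (media_dir, ext)
        if config.debug:
            # If debugging merge *.css to all.css and *.js to all.js
            from Debug import DebugMedia
            DebugMedia.merge(plugin_media_file)
        if ext == "js":
            # Close the handle deterministically instead of leaving it to the GC
            with open(plugin_media_file) as media_file:
                script = media_file.read()
            yield _.translateData(script)
        else:
            for part in self.actionFile(plugin_media_file, send_header=False):
                yield part
    elif path.startswith("/uimedia/globe/"):  # Serve WebGL globe files
        # Only the last URL segment is used, so the name cannot contain "/"
        file_name = re.match(".*/(.*)", path).group(1)
        plugin_media_file = "%s-globe/%s" % (media_dir, file_name)
        if config.debug and path.endswith("all.js"):
            # If debugging merge *.css to all.css and *.js to all.js
            from Debug import DebugMedia
            DebugMedia.merge(plugin_media_file)
        for part in self.actionFile(plugin_media_file):
            yield part
    else:
        for part in super(UiRequestPlugin, self).actionUiMedia(path):
            yield part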
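def actionSiteMedia(self, path, header_length=True, header_noscript=False):
    """Serve a site file for a path understood by parsePath().

    Responds 403 when parsePath() raises SecurityError, when the address is
    empty or ".", or when a supplied ajax_key does not match the requesting
    site's key; 404 when the path cannot be parsed or the file cannot be
    obtained. Directories are redirected to their trailing-slash form, and a
    missing file is requested from the site before being served.
    """
    try:
        path_parts = self.parsePath(path)
    except SecurityError as err:
        return self.error403(err)
    if not path_parts:
        return self.error404(path)

    # NOTE(review): the value is unused in this revision; the call is kept
    # because its side effects, if any, are not visible here.
    content_type = self.getContentType(path_parts["inner_path"])

    address = path_parts["address"]
    inner_path = path_parts["inner_path"]

    # Validate the address before it is used to build a filesystem path or
    # passed to the debug merge step.
    if not address or address == ".":
        return self.error403(inner_path)

    file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # If debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(address)
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    header_allow_ajax = False
    ajax_key = self.get.get("ajax_key")
    if ajax_key:
        site = SiteManager.site_manager.get(path_parts["request_address"])
        # An unknown requesting site (presumably None from get()) is refused
        # like a wrong key instead of failing with an AttributeError.
        if site is None or ajax_key != site.settings["ajax_key"]:
            return self.error403("Invalid ajax_key")
        header_allow_ajax = True

    file_kwargs = dict(
        header_length=header_length,
        header_noscript=header_noscript,
        header_allow_ajax=header_allow_ajax,
        path_parts=path_parts,
    )

    file_size = helper.getFilesize(file_path)
    if file_size is not None:
        return self.actionFile(file_path, file_size=file_size, **file_kwargs)

    if os.path.isdir(file_path):
        # If this is actually a folder, add "/" and redirect
        if inner_path:
            return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
        return self.actionRedirect("./%s/" % address)

    # File does not exist, try to download
    if address not in SiteManager.site_manager.sites:
        # Only download when the site has already been added
        return self.actionSiteAddPrompt(path)

    site = SiteManager.site_manager.need(address)

    if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
        return self.actionFile("src/Ui/media/img/favicon.ico")

    result = site.needFile(inner_path, priority=15)  # Wait until file downloads
    if result:
        file_size = helper.getFilesize(file_path)
        return self.actionFile(file_path, file_size=file_size, **file_kwargs)

    self.log.debug("File not found: %s" % inner_path)
    return self.error404(inner_path)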
def actionUiMedia(self, path):
    """Serve UI media, appending this plugin's bundle to all.js / all.css.

    The two bundle URLs get the parent handler's output followed by the
    plugin's own all.<ext> file (sent without a second header). Paths under
    /uimedia/globe/ come from the plugin's "-globe" media directory, and any
    other path is delegated to the parent handler unchanged.
    """
    if path in ("/uimedia/all.js", "/uimedia/all.css"):
        # Parent bundle (and its header) goes out first
        for chunk in super(UiRequestPlugin, self).actionUiMedia(path):
            yield chunk

        # Then our own bundle is appended
        extension = re.match(".*(js|css)$", path).group(1)
        bundle_path = "%s/all.%s" % (media_dir, extension)
        if config.debug:
            # In debug mode rebuild all.css / all.js from the separate files
            from Debug import DebugMedia
            DebugMedia.merge(bundle_path)
        for chunk in self.actionFile(bundle_path, send_header=False):
            yield chunk
        return

    if path.startswith("/uimedia/globe/"):
        # WebGL globe files: only the last URL segment selects the file
        globe_name = re.match(".*/(.*)", path).group(1)
        globe_path = "%s-globe/%s" % (media_dir, globe_name)
        if config.debug and path.endswith("all.js"):
            # In debug mode rebuild all.js from the separate files
            from Debug import DebugMedia
            DebugMedia.merge(globe_path)
        for chunk in self.actionFile(globe_path):
            yield chunk
        return

    for chunk in super(UiRequestPlugin, self).actionUiMedia(path):
        yield chunk
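def actionUiMedia(self, path, *args, **kwargs):
    """Serve the file manager plugin's media under /uimedia/plugins/uifilemanager/.

    js and html files are passed through _.translateData and encoded as
    UTF-8; other files are read as bytes. For html, when an "address" query
    parameter is present, the site is requested and its content.json fetched
    if it is not loaded yet. Paths outside the plugin prefix are delegated to
    the parent handler.
    """
    url_prefix = "/uimedia/plugins/uifilemanager/"
    if not path.startswith(url_prefix):
        return super().actionUiMedia(path)

    # The rest of the URL is appended to the plugin's media directory and
    # opened directly below, so parent-directory references are refused here
    # regardless of any filtering done earlier in routing (not visible here).
    # NOTE(review): assumes the request class provides error403() - confirm.
    if ".." in path:
        return self.error403("Invalid file path")

    # Strip only the leading prefix; str.replace() would also rewrite later
    # occurrences of the prefix inside the path.
    file_path = plugin_dir + "/media/" + path[len(url_prefix):]

    if config.debug and (file_path.endswith("all.js") or file_path.endswith("all.css")):
        # If debugging merge *.css to all.css and *.js to all.js
        from Debug import DebugMedia
        DebugMedia.merge(file_path)

    if file_path.endswith("js"):
        with open(file_path) as media_file:
            data = _.translateData(media_file.read(), mode="js").encode("utf8")
    elif file_path.endswith("html"):
        site_address = self.get.get("address")
        if site_address:
            site = self.server.site_manager.need(site_address)
            if "content.json" not in site.content_manager.contents:
                site.needFile("content.json")
        with open(file_path) as media_file:
            data = _.translateData(media_file.read(), mode="html").encode("utf8")
    else:
        with open(file_path, "rb") as media_file:
            data = media_file.read()

    return self.actionFile(file_path, file_obj=io.BytesIO(data), file_size=len(data))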
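def actionSiteMedia(self, path, header_length=True, header_noscript=False):
    """Serve a site file for a path understood by parsePath().

    Responds 403 for a path containing "..", for an html request without a
    currently valid wrapper nonce, for a non-html request whose Referer is
    not same-origin, and for an empty or "." address; 404 when the path
    cannot be parsed or the file cannot be obtained. Directories are
    redirected to their trailing-slash form.
    """
    if ".." in path:  # File not in allowed path
        return self.error403("Invalid file path")

    path_parts = self.parsePath(path)
    if not path_parts:
        return self.error404(path)

    address = path_parts["address"]
    inner_path = path_parts["inner_path"]

    # Check wrapper nonce
    content_type = self.getContentType(inner_path)
    consumed_nonce = None
    if "htm" in content_type and not header_noscript:
        # A valid nonce must be present to render html files. A missing
        # parameter is refused explicitly so that a None entry in the list
        # can never satisfy the membership test.
        wrapper_nonce = self.get.get("wrapper_nonce")
        if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
            return self.error403("Wrapper nonce error. Please reload the page.")
        self.server.wrapper_nonces.remove(wrapper_nonce)
        consumed_nonce = wrapper_nonce
    else:
        # Only allow the same site to receive media
        referer = self.env.get("HTTP_REFERER")
        if referer and not self.isSameOrigin(self.getRequestUrl(), self.getReferer()):
            self.log.error(
                "Media referrer error: %s not allowed from %s" % (self.getRequestUrl(), self.getReferer())
            )
            return self.error403("Media referrer error")

    # Validate the address before it is used to build a filesystem path
    if not address or address == ".":
        return self.error403(inner_path)

    file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # If debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(address)
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    if os.path.isfile(file_path):  # File exists
        return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

    if os.path.isdir(file_path):
        # If this is actually a folder, add "/" and redirect
        if inner_path:
            return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
        return self.actionRedirect("./%s/" % address)

    # File does not exist, try to download
    if address not in SiteManager.site_manager.sites:
        # Only download when the site has already been added
        return self.actionSiteAddPrompt(path)

    site = SiteManager.site_manager.need(address)

    if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
        return self.actionFile("src/Ui/media/img/favicon.ico")

    result = site.needFile(inner_path, priority=15)  # Wait until file downloads
    if result:
        return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

    self.log.debug("File not found: %s" % inner_path)
    # Site larger than allowed: give back the nonce so the page can reload.
    # Only a nonce this request validated and consumed is restored; the raw
    # query value (possibly absent or never validated) must not enter the list.
    if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
        self.server.wrapper_nonces.append(consumed_nonce)
    return self.error404(inner_path)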
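def actionSiteMedia(self, path, header_length=True, header_noscript=False):
    """Serve a site file for a path understood by parsePath().

    Responds 403 for a path containing "..", for an html request without a
    currently valid wrapper nonce, for a non-html request whose Referer is
    not same-origin, and for an empty or "." address; 404 when the path
    cannot be parsed or the file cannot be obtained. Directories are
    redirected to their trailing-slash form.
    """
    if ".." in path:  # File not in allowed path
        return self.error403("Invalid file path")

    path_parts = self.parsePath(path)
    if not path_parts:
        # Bad url: answer before path_parts is indexed, otherwise an
        # unparsable path fails with a TypeError instead of a 404.
        return self.error404(path)

    address = path_parts["address"]
    inner_path = path_parts["inner_path"]

    # Check wrapper nonce
    content_type = self.getContentType(inner_path)
    consumed_nonce = None
    if "htm" in content_type and not header_noscript:
        # A valid nonce must be present to render html files; a missing
        # parameter is refused explicitly so a None list entry cannot match.
        wrapper_nonce = self.get.get("wrapper_nonce")
        if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
            return self.error403("Wrapper nonce error. Please reload the page.")
        self.server.wrapper_nonces.remove(wrapper_nonce)
        consumed_nonce = wrapper_nonce
    else:
        # Only allow the same site to receive media
        referer = self.env.get("HTTP_REFERER")
        if referer and not self.isSameOrigin(self.getRequestUrl(), self.getReferer()):
            self.log.error("Media referrer error: %s not allowed from %s" % (self.getRequestUrl(), self.getReferer()))
            return self.error403("Media referrer error")

    # Validate the address before it is used to build a filesystem path
    if not address or address == ".":
        return self.error403(inner_path)

    file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # If debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(address)
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    if os.path.isfile(file_path):  # File exists
        return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

    if os.path.isdir(file_path):
        # If this is actually a folder, add "/" and redirect
        if inner_path:
            return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
        return self.actionRedirect("./%s/" % address)

    # File does not exist, try to download
    if address not in SiteManager.site_manager.sites:
        # Only download when the site has already been added
        return self.actionSiteAddPrompt(path)

    site = SiteManager.site_manager.need(address)

    if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
        return self.actionFile("src/Ui/media/img/favicon.ico")

    result = site.needFile(inner_path, priority=15)  # Wait until file downloads
    if result:
        return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

    self.log.debug("File not found: %s" % inner_path)
    # Site larger than allowed: give back the nonce so the page can reload.
    # Only a nonce validated and consumed by this request is restored, never
    # the raw query value.
    if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
        self.server.wrapper_nonces.append(consumed_nonce)
    return self.error404(inner_path)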
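def actionSiteMedia(self, path, header_length=True):
    """Serve a site file for a path understood by parsePath().

    An html request must carry a currently valid wrapper nonce, which is
    consumed. Responds 403 when the nonce is missing or unknown, when the
    Referer is rejected by isMediaRequestAllowed(), or when the resolved
    path is not inside the site's own directory; 404 when the path cannot
    be parsed or the file cannot be obtained.
    """
    path_parts = self.parsePath(path)

    # Check wrapper nonce
    consumed_nonce = None
    if "htm" in self.getContentType(path):
        # A valid nonce must be present to render html files; a missing
        # parameter is refused explicitly so a None list entry cannot match.
        wrapper_nonce = self.get.get("wrapper_nonce")
        if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
            return self.error403("Wrapper nonce error. Please reload the page.")
        self.server.wrapper_nonces.remove(wrapper_nonce)
        consumed_nonce = wrapper_nonce

    if not path_parts:  # Bad url
        return self.error404(path)

    address = path_parts["address"]
    inner_path = path_parts["inner_path"]

    # Only allow the same site to receive media
    referer = self.env.get("HTTP_REFERER")
    if referer and not self.isMediaRequestAllowed(path_parts["request_address"], referer):
        self.log.error("Media referrer error: %s not allowed from %s" % (address, referer))
        return self.error403("Media referrer error")

    file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
    allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address))  # Only files within the site dir allowed
    data_dir = os.path.abspath(config.data_dir)  # No files directly from the data dir allowed

    # Compare on a directory boundary rather than by bare string prefix.
    # abspath() does not resolve symlinks, so this is a lexical check only.
    file_dir = os.path.dirname(os.path.abspath(file_path))
    inside_site_dir = file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)
    if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:
        return self.error403()  # File not in allowed path

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # If debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(address)
        # sites.get() may return None for an address that is not loaded
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    if os.path.isfile(file_path):  # File exists
        return self.actionFile(file_path, header_length=header_length)

    if os.path.isdir(file_path):
        # If this is actually a folder, add "/" and redirect
        return self.actionRedirect("./{0}/".format(inner_path.split("/")[-1]))

    # File does not exist, try to download
    site = SiteManager.site_manager.need(address, all_file=False)

    if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
        return self.actionFile("src/Ui/media/img/favicon.ico")

    result = site.needFile(inner_path, priority=5)  # Wait until file downloads
    if result:
        return self.actionFile(file_path, header_length=header_length)

    self.log.debug("File not found: %s" % inner_path)
    # Site larger than allowed: give back the nonce so the page can reload.
    # Only a nonce validated and consumed by this request is restored, never
    # the raw query value.
    if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
        self.server.wrapper_nonces.append(consumed_nonce)
    return self.error404(inner_path)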
def actionSiteMedia(self, path): path = path.replace("/index.html/", "/") # Base Backward compatibility fix if path.endswith("/"): path = path + "index.html" match = re.match("/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path) # Check wrapper nonce content_type = self.getContentType(path) if "htm" in content_type: # Valid nonce must present to render html files wrapper_nonce = self.get.get("wrapper_nonce") if wrapper_nonce not in self.server.wrapper_nonces: return self.error403("Wrapper nonce error. Please reload the page.") self.server.wrapper_nonces.remove(self.get["wrapper_nonce"]) referer = self.env.get("HTTP_REFERER") if referer and match: # Only allow same site to receive media if not self.isMediaRequestAllowed(match.group("address"), referer): return self.error403("Media referrer error") # Referrer not starts same address as requested path if match: # Looks like a valid path address = match.group("address") file_path = "%s/%s/%s" % (config.data_dir, address, match.group("inner_path")) allowed_dir = os.path.abspath( "%s/%s" % (config.data_dir, address) ) # Only files within data/sitehash allowed data_dir = os.path.abspath("data") # No files from data/ allowed if ( ".." 
in file_path or not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir) or allowed_dir == data_dir ): # File not in allowed path return self.error403() else: if config.debug and file_path.split("/")[-1].startswith("all."): # If debugging merge *.css to all.css and *.js to all.js site = self.server.sites.get(address) if site.settings["own"]: from Debug import DebugMedia DebugMedia.merge(file_path) if os.path.isfile(file_path): # File exits return self.actionFile(file_path) else: # File not exits, try to download site = SiteManager.site_manager.need(address, all_file=False) result = site.needFile(match.group("inner_path"), priority=5) # Wait until file downloads if result: return self.actionFile(file_path) else: self.log.debug("File not found: %s" % match.group("inner_path")) # Site larger than allowed, re-add wrapper nonce to allow reload if site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024: self.server.wrapper_nonces.append(self.get.get("wrapper_nonce")) return self.error404(match.group("inner_path")) else: # Bad url return self.error404(path)
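def actionUiMedia(self, path, *args, **kwargs):
    """Serve the UiConfig plugin's media under /uimedia/plugins/uiconfig/.

    The URL remainder is mapped onto plugins/UiConfig/media/ and handed to
    actionFile(); paths outside the plugin prefix are delegated to the
    parent handler.
    """
    url_prefix = "/uimedia/plugins/uiconfig/"
    if not path.startswith(url_prefix):
        return super(UiRequestPlugin, self).actionUiMedia(path)

    # The rest of the URL becomes part of a filesystem path, so
    # parent-directory references are refused here regardless of any
    # filtering done earlier in routing (not visible in this block).
    # NOTE(review): assumes the request class provides error403() - confirm.
    if ".." in path:
        return self.error403("Invalid file path")

    # Strip only the leading prefix; str.replace() would also rewrite later
    # occurrences of the prefix inside the path.
    file_path = "plugins/UiConfig/media/" + path[len(url_prefix):]

    if config.debug and (file_path.endswith("all.js") or file_path.endswith("all.css")):
        # If debugging merge *.css to all.css and *.js to all.js
        from Debug import DebugMedia
        DebugMedia.merge(file_path)

    return self.actionFile(file_path)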
def actionSiteMedia(self, path): path = path.replace("/index.html/", "/") # Base Backward compatibility fix if path.endswith("/"): path = path + "index.html" match = re.match("/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path) # Check wrapper nonce content_type = self.getContentType(path) if "htm" in content_type: # Valid nonce must present to render html files wrapper_nonce = self.get.get("wrapper_nonce") if wrapper_nonce not in self.server.wrapper_nonces: return self.error403("Wrapper nonce error. Please reload the page.") self.server.wrapper_nonces.remove(self.get["wrapper_nonce"]) referer = self.env.get("HTTP_REFERER") if referer and match: # Only allow same site to receive media if not self.isMediaRequestAllowed(match.group("address"), referer): return self.error403("Media referrer error") # Referrer not starts same address as requested path if match: # Looks like a valid path address = match.group("address") file_path = "%s/%s/%s" % (config.data_dir, address, match.group("inner_path")) allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address)) # Only files within data/sitehash allowed data_dir = os.path.abspath("data") # No files from data/ allowed if ( ".." 
in file_path or not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir) or allowed_dir == data_dir ): # File not in allowed path return self.error403() else: if config.debug and file_path.split("/")[-1].startswith("all."): # If debugging merge *.css to all.css and *.js to all.js site = self.server.sites.get(address) if site.settings["own"]: from Debug import DebugMedia DebugMedia.merge(file_path) if os.path.isfile(file_path): # File exits return self.actionFile(file_path) else: # File not exits, try to download site = SiteManager.site_manager.need(address, all_file=False) result = site.needFile(match.group("inner_path"), priority=5) # Wait until file downloads if result: return self.actionFile(file_path) else: self.log.debug("File not found: %s" % match.group("inner_path")) # Site larger than allowed, re-add wrapper nonce to allow reload if site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024: self.server.wrapper_nonces.append(self.get.get("wrapper_nonce")) return self.error404(match.group("inner_path")) else: # Bad url return self.error404(path)
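def actionSiteMedia(self, path):
    """Serve a site file requested as /media/<address>/<inner_path>.

    A trailing "/" is completed with index.html. Responds 404 for a
    malformed URL or a file that cannot be downloaded, and 403 when the
    Referer is rejected by isMediaRequestAllowed() or the resolved path is
    not inside the site's own directory.
    """
    path = path.replace("/index.html/", "/")  # Base backward compatibility fix
    if path.endswith("/"):
        path = path + "index.html"

    # Raw string: same pattern, without relying on an invalid "\." escape.
    match = re.match(r"/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)
    if not match:  # Bad url
        return self.error404(path)

    address = match.group("address")
    inner_path = match.group("inner_path")

    # Only allow the same site to receive media
    referer = self.env.get("HTTP_REFERER")
    if referer and not self.isMediaRequestAllowed(address, referer):
        return self.error403("Media referrer error")

    file_path = "data/%s/%s" % (address, inner_path)
    allowed_dir = os.path.abspath("data/%s" % address)  # Only files within data/<address> allowed
    data_dir = os.path.abspath("data")  # No files directly from data/ allowed

    # Compare on a directory boundary rather than by bare string prefix.
    # abspath() does not resolve symlinks, so this is a lexical check only.
    file_dir = os.path.dirname(os.path.abspath(file_path))
    inside_site_dir = file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)
    if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:
        return self.error403()  # File not in allowed path

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # When debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(address)
        # sites.get() may return None for an address that is not loaded
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    if os.path.isfile(file_path):  # File exists
        return self.actionFile(file_path)

    # File does not exist, try to download
    site = SiteManager.site_manager.need(address, all_file=False)
    result = site.needFile(inner_path, priority=1)  # Wait until file downloads
    if result:
        return self.actionFile(file_path)

    self.log.debug("File not found: %s" % inner_path)
    return self.error404(inner_path)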
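def actionUiMedia(self, path):
    """Serve a bundled UI file requested as /uimedia/<inner_path>.

    Responds 400 when the URL does not have that shape and 403 when the
    resolved path is not inside src/Ui/media; otherwise the file is handed
    to actionFile().
    """
    match = re.match("/uimedia/(?P<inner_path>.*)", path)
    if not match:  # Bad url
        return self.error400()

    inner_path = match.group("inner_path")
    file_path = "src/Ui/media/%s" % inner_path
    allowed_dir = os.path.abspath("src/Ui/media")  # Only files within src/Ui/media allowed

    # Compare on a directory boundary rather than by bare string prefix, so a
    # sibling directory sharing the prefix could never pass. abspath() does
    # not resolve symlinks, so this is a lexical check only.
    file_dir = os.path.dirname(os.path.abspath(file_path))
    inside_media_dir = file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)
    if ".." in file_path or not inside_media_dir:
        return self.error403()  # File not in allowed path

    if config.debug and inner_path.startswith("all."):
        # When debugging merge *.css to all.css and *.js to all.js
        from Debug import DebugMedia
        DebugMedia.merge(file_path)

    return self.actionFile(file_path)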
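def actionSiteMedia(self, path):
    """Serve a site file requested as /media/<site>/<inner_path>.

    Responds 404 when the URL does not have that shape and 403 when the
    Referer path does not start with the requested site or the resolved
    path is not inside the site's own directory. Otherwise the file is
    handed to actionFile(); a file that is not on disk yet is requested
    from the site first.
    """
    path = path.replace("/index.html/", "/")  # Base backward compatibility fix
    match = re.match("/media/(?P<site>[A-Za-z0-9]+)/(?P<inner_path>.*)", path)
    if not match:
        # Bad url: answer before the Referer check, which reads match.group()
        # and would otherwise fail on None when a Referer header is present.
        return self.error404(path)

    site_address = match.group("site")
    inner_path = match.group("inner_path")

    referer = self.env.get("HTTP_REFERER")
    if referer:  # Only allow the same site to receive media
        referer = re.sub("http://.*?/", "/", referer)  # Remove server address
        referer = referer.replace("/media", "")  # Media
        # NOTE(review): this is a plain prefix test, so a referring site whose
        # address merely begins with the requested one also passes; left
        # unchanged because the accepted Referer shapes are not visible here.
        if not referer.startswith("/" + site_address):
            return self.error403()  # Referer does not start with the requested address

    file_path = "data/%s/%s" % (site_address, inner_path)
    allowed_dir = os.path.abspath("data/%s" % site_address)  # Only files within data/<site> allowed

    # Compare on a directory boundary rather than by bare string prefix.
    # abspath() does not resolve symlinks, so this is a lexical check only.
    file_dir = os.path.dirname(os.path.abspath(file_path))
    inside_site_dir = file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)
    if ".." in file_path or not inside_site_dir:
        return self.error403()  # File not in allowed path

    if config.debug and file_path.split("/")[-1].startswith("all."):
        # When debugging merge *.css to all.css and *.js to all.js
        site = self.server.sites.get(site_address)
        # sites.get() may return None for an address that is not loaded
        if site and site.settings["own"]:
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

    if os.path.isfile(file_path):  # File exists
        return self.actionFile(file_path)

    # File does not exist, try to download
    site = SiteManager.need(site_address, all_file=False)
    self.sendHeader(content_type=self.getContentType(file_path))  # ?? Get Exception without this
    # NOTE(review): the download result is not checked before serving; the
    # header has already been sent at this point, so it is left as it was.
    site.needFile(inner_path, priority=1)  # Wait until file downloads
    return self.actionFile(file_path)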
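def actionUiMedia(self, path, *args, **kwargs):
    """Serve the UiConfig plugin's media under /uimedia/plugins/uiconfig/.

    js and html files are passed through _.translateData before being
    served; other files are read as-is. Paths outside the plugin prefix are
    delegated to the parent handler.
    """
    url_prefix = "/uimedia/plugins/uiconfig/"
    if not path.startswith(url_prefix):
        return super(UiRequestPlugin, self).actionUiMedia(path)

    # The rest of the URL becomes part of a filesystem path that is opened
    # directly below, so parent-directory references are refused here
    # regardless of any filtering done earlier in routing (not visible here).
    # NOTE(review): assumes the request class provides error403() - confirm.
    if ".." in path:
        return self.error403("Invalid file path")

    # Strip only the leading prefix; str.replace() would also rewrite later
    # occurrences of the prefix inside the path.
    file_path = "plugins/UiConfig/media/" + path[len(url_prefix):]

    if config.debug and (file_path.endswith("all.js") or file_path.endswith("all.css")):
        # If debugging merge *.css to all.css and *.js to all.js
        from Debug import DebugMedia
        DebugMedia.merge(file_path)

    # Read through a context manager so the handle is closed deterministically
    with open(file_path) as media_file:
        data = media_file.read()
    if file_path.endswith("js"):
        data = _.translateData(data, mode="js")
    elif file_path.endswith("html"):
        data = _.translateData(data, mode="html")

    return self.actionFile(file_path, file_obj=StringIO(data), file_size=len(data))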