def actionWrapper(self, path):
if "." in path and not path.endswith(".html"):
return self.actionSiteMedia(
"/media" + path) # Only serve html files with frame
if self.env.get("HTTP_X_REQUESTED_WITH"):
return self.error403() # No ajax allowed on wrapper
match = re.match("/(?P<site>[A-Za-z0-9]+)(?P<inner_path>/.*|$)", path)
if match:
inner_path = match.group("inner_path").lstrip("/")
if not inner_path:
inner_path = "index.html" # If inner path defaults to index.html
site = self.server.sites.get(match.group("site"))
if site and site.content and (
not site.bad_files
or site.settings["own"]): # Its downloaded or own
title = site.content["title"]
else:
title = "Loading %s..." % match.group("site")
site = SiteManager.need(
match.group("site")) # Start download site
if not site: self.error404()
self.sendHeader(extra_headers=[("X-Frame-Options", "DENY")])
# Wrapper variable inits
if self.env.get("QUERY_STRING"):
query_string = "?" + self.env["QUERY_STRING"]
else:
query_string = ""
body_style = ""
if site.content and site.content.get("background-color"):
body_style += "background-color: " + site.content[
"background-color"] + ";"
return self.render(
"src/Ui/template/wrapper.html",
inner_path=inner_path,
address=match.group("site"),
title=title,
body_style=body_style,
query_string=query_string,
wrapper_key=site.settings["wrapper_key"],
permissions=json.dumps(site.settings["permissions"]),
show_loadingscreen=json.dumps(
not os.path.isfile(site.getPath(inner_path))),
homepage=config.homepage)
else: # Bad url
return self.error404(path)
def actionSiteMedia(self, path):
path = path.replace("/index.html/",
"/") # Base Backward compatibility fix
match = re.match("/media/(?P<site>[A-Za-z0-9]+)/(?P<inner_path>.*)",
path)
referer = self.env.get("HTTP_REFERER")
if referer: # Only allow same site to receive media
referer = re.sub("http://.*?/", "/",
referer) # Remove server address
referer = referer.replace("/media", "") # Media
if not referer.startswith("/" + match.group("site")):
return self.error403(
) # Referer not starts same address as requested path
if match: # Looks like a valid path
file_path = "data/%s/%s" % (match.group("site"),
match.group("inner_path"))
allowed_dir = os.path.abspath(
"data/%s" %
match.group("site")) # Only files within data/sitehash allowed
if ".." in file_path or not os.path.dirname(
os.path.abspath(file_path)).startswith(
allowed_dir): # File not in allowed path
return self.error403()
else:
if config.debug and file_path.split("/")[-1].startswith(
"all."
): # When debugging merge *.css to all.css and *.js to all.js
site = self.server.sites.get(match.group("site"))
if site.settings["own"]:
from Debug import DebugMedia
DebugMedia.merge(file_path)
if os.path.isfile(file_path): # File exits
return self.actionFile(file_path)
else: # File not exits, try to download
site = SiteManager.need(match.group("site"),
all_file=False)
self.sendHeader(content_type=self.getContentType(
file_path)) # ?? Get Exception without this
result = site.needFile(
match.group("inner_path"),
priority=1) # Wait until file downloads
return self.actionFile(file_path)
else: # Bad url
return self.error404(path)