def test_get_path_from_uid(aaa): """Find the path shared from a specific sharing UID""" t.root_dir = "/tmp/test" # aaa.current_user.username = '******' aaa.user_is_anonymous = True prep_folder(True) r = t.get_path_from_uid("usertest", "XYZ22") assert r == "/test/path" try: r = t.get_path_from_uid("../../../../../../../../etc", "passwd") assert False except: pass del_folder(True)
def list_shared(user, uid, path='.'): """If the path is a file: return it's content if the path is a folder: return a list of files in the folder if parameter 'format' is specified return the path in the specified format (zip only for now) """ real_shared_path = get_path_from_uid(user, uid) # print(real_shared_path) permitted = join_path(root_dir, real_shared_path) try: real_path = get_real_path(permitted, path) except IOError: abort(403, PATH_ERROR) # print("getting {}".format(real_path)) print(request.GET.keys()) if request.GET.get('format', 'raw').strip() == 'zip': print('got zip') archive = archive_path(real_path) return list_dir(archive) return list_dir(real_path)