Пример #1
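	def actionSiteMedia(self, path):
		"""Serve a site file from ``data/<address>/<inner_path>``.

		The request path has to look like ``/media/<address>/<inner_path>``.
		Returns the result of ``self.actionFile`` for an accepted file,
		``self.error403`` when the Referer or the resolved path is rejected and
		``self.error404`` when the URL does not match the pattern.
		"""
		path = path.replace("/index.html/", "/")  # Base backward compatibility fix

		# Raw string: "\." is an invalid escape sequence in a plain string literal
		match = re.match(r"/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)
		if not match:  # Bad url
			return self.error404(path)

		address = match.group("address")
		inner_path = match.group("inner_path")

		# Only allow the same site to receive media. This runs only when the
		# client sent a Referer header; requests without one are not filtered here.
		referer = self.env.get("HTTP_REFERER")
		if referer and not self.isMediaRequestAllowed(address, referer):
			return self.error403("Media referer error")  # Referer does not start with the requested address

		file_path = "data/%s/%s" % (address, inner_path)
		allowed_dir = os.path.abspath("data/%s" % address)  # Only files within data/sitehash allowed
		data_dir = os.path.abspath("data")  # No files from data/ itself allowed (e.g. address ".")
		file_dir = os.path.dirname(os.path.abspath(file_path))
		# Compare with a trailing separator so the prefix test stops at a
		# directory boundary instead of matching a sibling with a longer name
		inside_site_dir = (file_dir + os.sep).startswith(allowed_dir + os.sep)
		if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:  # File not in allowed path
			return self.error403()

		if config.debug and file_path.split("/")[-1].startswith("all."):  # When debugging merge *.css to all.css and *.js to all.js
			site = self.server.sites.get(address)
			if site and site.settings["own"]:  # sites.get() may return None
				from Debug import DebugMedia
				DebugMedia.merge(file_path)

		if os.path.isfile(file_path):  # File exists
			return self.actionFile(file_path)

		# File does not exist, try to download
		site = SiteManager.site_manager.need(address, all_file=False)
		self.sendHeader(content_type=self.getContentType(file_path))  # ?? Get Exception without this
		# NOTE(review): the needFile() result is not checked, so actionFile()
		# is called even when the download did not succeed.
		site.needFile(inner_path, priority=1)  # Wait until file downloads
		return self.actionFile(file_path)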
Пример #2
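    def actionUiMedia(self, path):
        """Serve UI media, appending this plugin's bundle to all.js / all.css.

        Generator that yields the response parts. For ``/uimedia/all.js`` and
        ``/uimedia/all.css`` the parent handler's output comes first and the
        plugin's own ``all.<ext>`` is appended; ``/uimedia/globe/*`` is served
        from the ``<media_dir>-globe`` directory; every other path is handed to
        the parent handler unchanged.
        """
        if path == "/uimedia/all.js" or path == "/uimedia/all.css":
            # First yield the original file and header
            for part in super(UiRequestPlugin, self).actionUiMedia(path):
                yield part

            # Append our media file to the end
            ext = re.match(".*(js|css)$", path).group(1)
            plugin_media_file = "%s/all.%s" % (media_dir, ext)
            if config.debug:
                # If debugging merge *.css to all.css and *.js to all.js
                from Debug import DebugMedia
                DebugMedia.merge(plugin_media_file)
            if ext == "js":
                # Read inside a with-block so the handle is closed right away,
                # before the generator is suspended on the yield
                with open(plugin_media_file) as media_file:
                    js_source = media_file.read()
                yield _.translateData(js_source)
            else:
                for part in self.actionFile(plugin_media_file, send_header=False):
                    yield part
        elif path.startswith("/uimedia/globe/"):  # Serve WebGL globe files
            # file_name is everything after the last "/" of the request path.
            # NOTE(review): it is not checked for ".." or "\" in this method;
            # confirm that the caller or actionFile() rejects such names.
            file_name = re.match(".*/(.*)", path).group(1)
            plugin_media_file = "%s-globe/%s" % (media_dir, file_name)
            if config.debug and path.endswith("all.js"):
                # If debugging merge *.css to all.css and *.js to all.js
                from Debug import DebugMedia
                DebugMedia.merge(plugin_media_file)
            for part in self.actionFile(plugin_media_file):
                yield part
        else:
            for part in super(UiRequestPlugin, self).actionUiMedia(path):
                yield part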
Пример #3
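    def actionSiteMedia(self, path, header_length=True, header_noscript=False):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        Args:
            path: Request path; split into address and inner path by
                ``self.parsePath``.
            header_length: Passed through to ``self.actionFile``.
            header_noscript: Passed through to ``self.actionFile``.

        Returns:
            The result of ``actionFile``, ``actionRedirect`` or
            ``actionSiteAddPrompt``, or of ``error403`` / ``error404`` when the
            request is refused or the file cannot be found.

        No wrapper nonce and no Referer is checked in this method.
        """
        try:
            path_parts = self.parsePath(path)
        except SecurityError as err:
            return self.error403(err)

        if not path_parts:
            return self.error404(path)

        address = path_parts["address"]
        inner_path = path_parts["inner_path"]

        # Refuse an empty or "." address before the path is built or any
        # debug-time merge is attempted
        if not address or address == ".":
            return self.error403(inner_path)

        # NOTE(review): the result is not used below; the call is kept as it was
        content_type = self.getContentType(inner_path)

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        header_allow_ajax = False
        ajax_key = self.get.get("ajax_key")
        if ajax_key:
            site = SiteManager.site_manager.get(path_parts["request_address"])
            # A site that is not known has no key to match, so it is refused
            # the same way as a wrong key instead of failing on None.
            # NOTE(review): the key is compared with !=, which is not a
            # constant-time comparison.
            if not site or ajax_key != site.settings["ajax_key"]:
                return self.error403("Invalid ajax_key")
            header_allow_ajax = True

        file_size = helper.getFilesize(file_path)

        if file_size is not None:
            return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript, header_allow_ajax=header_allow_ajax, file_size=file_size, path_parts=path_parts)

        if os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect
            if inner_path:
                return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
            return self.actionRedirect("./%s/" % address)

        # File does not exist, try to download
        if address not in SiteManager.site_manager.sites:  # Only in case if site already started downloading
            return self.actionSiteAddPrompt(path)

        site = SiteManager.site_manager.need(address)

        if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
            return self.actionFile("src/Ui/media/img/favicon.ico")

        result = site.needFile(inner_path, priority=15)  # Wait until file downloads
        if not result:
            self.log.debug("File not found: %s" % inner_path)
            return self.error404(inner_path)

        file_size = helper.getFilesize(file_path)
        return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript, header_allow_ajax=header_allow_ajax, file_size=file_size, path_parts=path_parts)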
Пример #4
    def actionUiMedia(self, path):
        """Yield UI media, with this plugin's bundle appended to all.js / all.css.

        Generator. The two bundle paths get the parent handler's output
        followed by the plugin's ``all.<ext>``; ``/uimedia/globe/*`` is served
        from ``<media_dir>-globe``; anything else goes to the parent handler.
        """
        if path in ("/uimedia/all.js", "/uimedia/all.css"):
            # The original file and its header go out first
            for chunk in super(UiRequestPlugin, self).actionUiMedia(path):
                yield chunk

            # Then the plugin's own bundle, without a second header
            suffix = re.match(".*(js|css)$", path).group(1)
            bundle_path = "%s/all.%s" % (media_dir, suffix)
            if config.debug:
                # In debug mode rebuild all.css / all.js from the single files
                from Debug import DebugMedia
                DebugMedia.merge(bundle_path)
            for chunk in self.actionFile(bundle_path, send_header=False):
                yield chunk
            return

        if path.startswith("/uimedia/globe/"):  # WebGL globe files
            # Everything after the last "/" of the request path
            globe_name = re.match(".*/(.*)", path).group(1)
            globe_path = "%s-globe/%s" % (media_dir, globe_name)
            if config.debug and path.endswith("all.js"):
                # In debug mode rebuild all.css / all.js from the single files
                from Debug import DebugMedia
                DebugMedia.merge(globe_path)
            for chunk in self.actionFile(globe_path):
                yield chunk
            return

        for chunk in super(UiRequestPlugin, self).actionUiMedia(path):
            yield chunk
Пример #5
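    def actionSiteMedia(self, path, header_length=True, header_noscript=False):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        Args:
            path: Request path; split into address and inner path by
                ``self.parsePath``.
            header_length: Passed through to ``self.actionFile``.
            header_noscript: Passed through to ``self.actionFile``.

        Returns:
            The result of ``actionFile``, ``actionRedirect`` or
            ``actionSiteAddPrompt``, or of ``error403`` / ``error404`` when the
            request is refused or the file cannot be found.

        No wrapper nonce and no Referer is checked in this method.
        """
        try:
            path_parts = self.parsePath(path)
        except SecurityError as err:
            return self.error403(err)

        if not path_parts:
            return self.error404(path)

        address = path_parts["address"]
        inner_path = path_parts["inner_path"]

        # Refuse an empty or "." address before the path is built or any
        # debug-time merge is attempted
        if not address or address == ".":
            return self.error403(inner_path)

        # NOTE(review): the result is not used below; the call is kept as it was
        content_type = self.getContentType(inner_path)

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        header_allow_ajax = False
        ajax_key = self.get.get("ajax_key")
        if ajax_key:
            site = SiteManager.site_manager.get(path_parts["request_address"])
            # A site that is not known has no key to match, so it is refused
            # the same way as a wrong key instead of failing on None.
            # NOTE(review): the key is compared with !=, which is not a
            # constant-time comparison.
            if not site or ajax_key != site.settings["ajax_key"]:
                return self.error403("Invalid ajax_key")
            header_allow_ajax = True

        file_size = helper.getFilesize(file_path)

        if file_size is not None:
            return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript, header_allow_ajax=header_allow_ajax, file_size=file_size, path_parts=path_parts)

        if os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect
            if inner_path:
                return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
            return self.actionRedirect("./%s/" % address)

        # File does not exist, try to download
        if address not in SiteManager.site_manager.sites:  # Only in case if site already started downloading
            return self.actionSiteAddPrompt(path)

        site = SiteManager.site_manager.need(address)

        if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
            return self.actionFile("src/Ui/media/img/favicon.ico")

        result = site.needFile(inner_path, priority=15)  # Wait until file downloads
        if not result:
            self.log.debug("File not found: %s" % inner_path)
            return self.error404(inner_path)

        file_size = helper.getFilesize(file_path)
        return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript, header_allow_ajax=header_allow_ajax, file_size=file_size, path_parts=path_parts)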
Пример #6
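    def actionUiMedia(self, path, *args, **kwargs):
        """Serve the file manager plugin's media files.

        Paths under ``/uimedia/plugins/uifilemanager/`` are mapped onto
        ``<plugin_dir>/media/``; ``*js`` and ``*html`` files go through
        ``_.translateData`` before they are sent, other files are sent as
        read. Every other path is handed to the parent handler.
        """
        url_prefix = "/uimedia/plugins/uifilemanager/"
        if not path.startswith(url_prefix):
            return super().actionUiMedia(path)

        # The rest of the URL is appended to the plugin's media directory and
        # opened directly, so a ".." segment must not reach the file system
        if ".." in path:
            return self.error403("Invalid file path")

        # Map only the leading prefix; str.replace() would also rewrite any
        # later occurrence of the prefix inside the path
        file_path = plugin_dir + "/media/" + path[len(url_prefix):]
        if config.debug and (file_path.endswith("all.js")
                             or file_path.endswith("all.css")):
            # If debugging merge *.css to all.css and *.js to all.js
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

        # Each file is read inside a with-block so its handle is closed
        # as soon as the content is in memory
        if file_path.endswith("js"):
            with open(file_path) as media_file:
                source = media_file.read()
            data = _.translateData(source, mode="js").encode("utf8")
        elif file_path.endswith("html"):
            address = self.get.get("address")
            if address:
                site = self.server.site_manager.need(address)
                if "content.json" not in site.content_manager.contents:
                    site.needFile("content.json")
            with open(file_path) as media_file:
                source = media_file.read()
            data = _.translateData(source, mode="html").encode("utf8")
        else:
            with open(file_path, "rb") as media_file:
                data = media_file.read()

        return self.actionFile(file_path,
                               file_obj=io.BytesIO(data),
                               file_size=len(data))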
Пример #7
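    def actionSiteMedia(self, path, header_length=True, header_noscript=False):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        HTML responses (unless ``header_noscript`` is set) require a one-time
        ``wrapper_nonce`` query value that is present in
        ``self.server.wrapper_nonces``; other responses are checked against the
        Referer header when the client sent one.

        Args:
            path: Request path; split into address and inner path by
                ``self.parsePath``.
            header_length: Passed through to ``self.actionFile``.
            header_noscript: Passed through to ``self.actionFile``; also
                switches the nonce check off for HTML content.

        Returns:
            The result of ``actionFile``, ``actionRedirect`` or
            ``actionSiteAddPrompt``, or of ``error403`` / ``error404``.
        """
        if ".." in path:  # File not in allowed path
            return self.error403("Invalid file path")

        path_parts = self.parsePath(path)
        if not path_parts:
            return self.error404(path)

        address = path_parts["address"]
        inner_path = path_parts["inner_path"]

        # Check wrapper nonce
        consumed_nonce = None  # Set only when this request used up a valid nonce
        content_type = self.getContentType(inner_path)
        if "htm" in content_type and not header_noscript:  # Valid nonce must be present to render html files
            wrapper_nonce = self.get.get("wrapper_nonce")
            # A missing or empty value is never valid, whatever the list holds
            if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
                return self.error403("Wrapper nonce error. Please reload the page.")
            self.server.wrapper_nonces.remove(wrapper_nonce)
            consumed_nonce = wrapper_nonce
        else:
            # Only allow the same site to receive media. This runs only when
            # the client sent a Referer header.
            referer = self.env.get("HTTP_REFERER")
            if referer and not self.isSameOrigin(self.getRequestUrl(), self.getReferer()):
                self.log.error(
                    "Media referrer error: %s not allowed from %s" % (self.getRequestUrl(), self.getReferer()))
                return self.error403("Media referrer error")  # Referrer does not start with the requested address

        # Refuse an empty or "." address before the path is built or any
        # debug-time merge is attempted
        if not address or address == ".":
            return self.error403(inner_path)

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

        if os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect
            if inner_path:
                return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
            return self.actionRedirect("./%s/" % address)

        # File does not exist, try to download
        if address not in SiteManager.site_manager.sites:  # Only in case if site already started downloading
            return self.actionSiteAddPrompt(path)

        site = SiteManager.site_manager.need(address)

        if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
            return self.actionFile("src/Ui/media/img/favicon.ico")

        result = site.needFile(inner_path, priority=15)  # Wait until file downloads
        if result:
            return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

        self.log.debug("File not found: %s" % inner_path)
        # Site larger than allowed: give the nonce back so the page can be
        # reloaded. Only a nonce that this request consumed is restored; a
        # value taken straight from the query string must never be added to
        # the list of valid nonces.
        if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
            self.server.wrapper_nonces.append(consumed_nonce)
        return self.error404(inner_path)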
Пример #8
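    def actionSiteMedia(self, path, header_length=True, header_noscript=False):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        HTML responses (unless ``header_noscript`` is set) require a one-time
        ``wrapper_nonce`` query value that is present in
        ``self.server.wrapper_nonces``; other responses are checked against the
        Referer header when the client sent one.

        Args:
            path: Request path; split into address and inner path by
                ``self.parsePath``.
            header_length: Passed through to ``self.actionFile``.
            header_noscript: Passed through to ``self.actionFile``; also
                switches the nonce check off for HTML content.

        Returns:
            The result of ``actionFile``, ``actionRedirect`` or
            ``actionSiteAddPrompt``, or of ``error403`` / ``error404``.
        """
        if ".." in path:  # File not in allowed path
            return self.error403("Invalid file path")

        path_parts = self.parsePath(path)
        # Bad url: answer 404 here, before path_parts is indexed below
        if not path_parts:
            return self.error404(path)

        address = path_parts["address"]
        inner_path = path_parts["inner_path"]

        # Check wrapper nonce
        consumed_nonce = None  # Set only when this request used up a valid nonce
        content_type = self.getContentType(inner_path)
        if "htm" in content_type and not header_noscript:  # Valid nonce must be present to render html files
            wrapper_nonce = self.get.get("wrapper_nonce")
            # A missing or empty value is never valid, whatever the list holds
            if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
                return self.error403("Wrapper nonce error. Please reload the page.")
            self.server.wrapper_nonces.remove(wrapper_nonce)
            consumed_nonce = wrapper_nonce
        else:
            # Only allow the same site to receive media. This runs only when
            # the client sent a Referer header.
            referer = self.env.get("HTTP_REFERER")
            if referer and not self.isSameOrigin(self.getRequestUrl(), self.getReferer()):
                self.log.error("Media referrer error: %s not allowed from %s" % (self.getRequestUrl(), self.getReferer()))
                return self.error403("Media referrer error")  # Referrer does not start with the requested address

        # Refuse an empty or "." address before the path is built or any
        # debug-time merge is attempted
        if not address or address == ".":
            return self.error403(inner_path)

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

        if os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect
            if inner_path:
                return self.actionRedirect("./%s/" % inner_path.split("/")[-1])
            return self.actionRedirect("./%s/" % address)

        # File does not exist, try to download
        if address not in SiteManager.site_manager.sites:  # Only in case if site already started downloading
            return self.actionSiteAddPrompt(path)

        site = SiteManager.site_manager.need(address)

        if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
            return self.actionFile("src/Ui/media/img/favicon.ico")

        result = site.needFile(inner_path, priority=15)  # Wait until file downloads
        if result:
            return self.actionFile(file_path, header_length=header_length, header_noscript=header_noscript)

        self.log.debug("File not found: %s" % inner_path)
        # Site larger than allowed: give the nonce back so the page can be
        # reloaded. Only a nonce that this request consumed is restored; a
        # value taken straight from the query string must never be added to
        # the list of valid nonces.
        if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
            self.server.wrapper_nonces.append(consumed_nonce)
        return self.error404(inner_path)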
Пример #9
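    def actionSiteMedia(self, path, header_length=True):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        HTML responses require a one-time ``wrapper_nonce`` query value that is
        present in ``self.server.wrapper_nonces``. When the client sent a
        Referer header it is checked with ``self.isMediaRequestAllowed``.

        Args:
            path: Request path; split into address and inner path by
                ``self.parsePath``.
            header_length: Passed through to ``self.actionFile``.

        Returns:
            The result of ``actionFile`` or ``actionRedirect``, or of
            ``error403`` / ``error404``.
        """
        path_parts = self.parsePath(path)

        # Check wrapper nonce
        consumed_nonce = None  # Set only when this request used up a valid nonce
        content_type = self.getContentType(path)
        if "htm" in content_type:  # Valid nonce must be present to render html files
            wrapper_nonce = self.get.get("wrapper_nonce")
            # A missing or empty value is never valid, whatever the list holds
            if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
                return self.error403("Wrapper nonce error. Please reload the page.")
            self.server.wrapper_nonces.remove(wrapper_nonce)
            consumed_nonce = wrapper_nonce

        if not path_parts:  # Bad url
            return self.error404(path)

        address = path_parts["address"]
        inner_path = path_parts["inner_path"]

        # Only allow the same site to receive media. This runs only when the
        # client sent a Referer header.
        referer = self.env.get("HTTP_REFERER")
        if referer and not self.isMediaRequestAllowed(path_parts["request_address"], referer):
            self.log.error("Media referrer error: %s not allowed from %s" % (address, referer))
            return self.error403("Media referrer error")  # Referrer does not start with the requested address

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
        allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address))  # Only files within data/sitehash allowed
        data_dir = os.path.abspath(config.data_dir)  # No files from data/ itself allowed
        file_dir = os.path.dirname(os.path.abspath(file_path))
        # Compare with a trailing separator so the prefix test stops at a
        # directory boundary instead of matching a sibling with a longer name
        inside_site_dir = (file_dir + os.sep).startswith(allowed_dir + os.sep)
        if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:  # File not in allowed path
            return self.error403()

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:  # sites.get() may return None
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path, header_length=header_length)

        if os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect
            return self.actionRedirect("./{0}/".format(inner_path.split("/")[-1]))

        # File does not exist, try to download
        site = SiteManager.site_manager.need(address, all_file=False)

        if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
            return self.actionFile("src/Ui/media/img/favicon.ico")

        result = site.needFile(inner_path, priority=5)  # Wait until file downloads
        if result:
            return self.actionFile(file_path, header_length=header_length)

        self.log.debug("File not found: %s" % inner_path)
        # Site larger than allowed: give the nonce back so the page can be
        # reloaded. Only a nonce that this request consumed is restored; a
        # value taken straight from the query string must never be added to
        # the list of valid nonces.
        if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
            self.server.wrapper_nonces.append(consumed_nonce)
        return self.error404(inner_path)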
Пример #10
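    def actionSiteMedia(self, path):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        The request path has to look like ``/media/<address>/<inner_path>``; a
        path ending in "/" is served as its ``index.html``. HTML responses
        require a one-time ``wrapper_nonce`` query value that is present in
        ``self.server.wrapper_nonces``. When the client sent a Referer header
        it is checked with ``self.isMediaRequestAllowed``.

        Returns the result of ``self.actionFile``, or of ``self.error403`` /
        ``self.error404`` when the request is refused or the file is missing.
        """
        path = path.replace("/index.html/", "/")  # Base backward compatibility fix
        if path.endswith("/"):
            path = path + "index.html"

        # Raw string: "\." is an invalid escape sequence in a plain string literal
        match = re.match(r"/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)

        # Check wrapper nonce
        consumed_nonce = None  # Set only when this request used up a valid nonce
        content_type = self.getContentType(path)
        if "htm" in content_type:  # Valid nonce must be present to render html files
            wrapper_nonce = self.get.get("wrapper_nonce")
            # A missing or empty value is never valid, whatever the list holds
            if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
                return self.error403("Wrapper nonce error. Please reload the page.")
            self.server.wrapper_nonces.remove(wrapper_nonce)
            consumed_nonce = wrapper_nonce

        if not match:  # Bad url
            return self.error404(path)

        address = match.group("address")
        inner_path = match.group("inner_path")

        # Only allow the same site to receive media. This runs only when the
        # client sent a Referer header.
        referer = self.env.get("HTTP_REFERER")
        if referer and not self.isMediaRequestAllowed(address, referer):
            return self.error403("Media referrer error")  # Referrer does not start with the requested address

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
        allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address))  # Only files within data/sitehash allowed
        # Built from config.data_dir like allowed_dir: with a hard-coded "data"
        # the equality test below could never match a data directory that is
        # configured somewhere else, and an address of "." would then expose
        # the files stored directly in it
        data_dir = os.path.abspath(config.data_dir)
        file_dir = os.path.dirname(os.path.abspath(file_path))
        # Compare with a trailing separator so the prefix test stops at a
        # directory boundary instead of matching a sibling with a longer name
        inside_site_dir = (file_dir + os.sep).startswith(allowed_dir + os.sep)
        if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:  # File not in allowed path
            return self.error403()

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:  # sites.get() may return None
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path)

        # File does not exist, try to download
        site = SiteManager.site_manager.need(address, all_file=False)
        result = site.needFile(inner_path, priority=5)  # Wait until file downloads
        if result:
            return self.actionFile(file_path)

        self.log.debug("File not found: %s" % inner_path)
        # Site larger than allowed: give the nonce back so the page can be
        # reloaded. Only a nonce that this request consumed is restored; a
        # value taken straight from the query string must never be added to
        # the list of valid nonces.
        if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
            self.server.wrapper_nonces.append(consumed_nonce)
        return self.error404(inner_path)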
Пример #11
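    def actionSiteMedia(self, path, header_length=True):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        HTML responses require a one-time ``wrapper_nonce`` query value that is
        present in ``self.server.wrapper_nonces``. When the client sent a
        Referer header it is checked with ``self.isMediaRequestAllowed``.

        Args:
            path: Request path; split into address and inner path by
                ``self.parsePath``.
            header_length: Passed through to ``self.actionFile``.

        Returns:
            The result of ``actionFile`` or ``actionRedirect``, or of
            ``error403`` / ``error404``.
        """
        path_parts = self.parsePath(path)

        # Check wrapper nonce
        consumed_nonce = None  # Set only when this request used up a valid nonce
        content_type = self.getContentType(path)
        if "htm" in content_type:  # Valid nonce must be present to render html files
            wrapper_nonce = self.get.get("wrapper_nonce")
            # A missing or empty value is never valid, whatever the list holds
            if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
                return self.error403("Wrapper nonce error. Please reload the page.")
            self.server.wrapper_nonces.remove(wrapper_nonce)
            consumed_nonce = wrapper_nonce

        if not path_parts:  # Bad url
            return self.error404(path)

        address = path_parts["address"]
        inner_path = path_parts["inner_path"]

        # Only allow the same site to receive media. This runs only when the
        # client sent a Referer header.
        referer = self.env.get("HTTP_REFERER")
        if referer and not self.isMediaRequestAllowed(path_parts["request_address"], referer):
            self.log.error("Media referrer error: %s not allowed from %s" % (address, referer))
            return self.error403("Media referrer error")  # Referrer does not start with the requested address

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
        allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address))  # Only files within data/sitehash allowed
        data_dir = os.path.abspath(config.data_dir)  # No files from data/ itself allowed
        file_dir = os.path.dirname(os.path.abspath(file_path))
        # Compare with a trailing separator so the prefix test stops at a
        # directory boundary instead of matching a sibling with a longer name
        inside_site_dir = (file_dir + os.sep).startswith(allowed_dir + os.sep)
        if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:  # File not in allowed path
            return self.error403()

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:  # sites.get() may return None
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path, header_length=header_length)

        if os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect
            return self.actionRedirect("./{0}/".format(inner_path.split("/")[-1]))

        # File does not exist, try to download
        site = SiteManager.site_manager.need(address, all_file=False)

        if inner_path.endswith("favicon.ico"):  # Default favicon for all sites
            return self.actionFile("src/Ui/media/img/favicon.ico")

        result = site.needFile(inner_path, priority=5)  # Wait until file downloads
        if result:
            return self.actionFile(file_path, header_length=header_length)

        self.log.debug("File not found: %s" % inner_path)
        # Site larger than allowed: give the nonce back so the page can be
        # reloaded. Only a nonce that this request consumed is restored; a
        # value taken straight from the query string must never be added to
        # the list of valid nonces.
        if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
            self.server.wrapper_nonces.append(consumed_nonce)
        return self.error404(inner_path)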
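 def actionUiMedia(self, path, *args, **kwargs):
     """Serve the UiConfig plugin's media files.

     Paths under ``/uimedia/plugins/uiconfig/`` are mapped onto
     ``plugins/UiConfig/media/`` and sent with ``self.actionFile``; every
     other path is handed to the parent handler.
     """
     url_prefix = "/uimedia/plugins/uiconfig/"
     if not path.startswith(url_prefix):
         return super(UiRequestPlugin, self).actionUiMedia(path)

     # The rest of the URL is appended to the plugin's media directory, so a
     # ".." segment must not reach the file system
     if ".." in path:
         return self.error403("Invalid file path")

     # Map only the leading prefix; str.replace() would also rewrite any
     # later occurrence of the prefix inside the path
     file_path = "plugins/UiConfig/media/" + path[len(url_prefix):]
     if config.debug and (file_path.endswith("all.js") or file_path.endswith("all.css")):
         # If debugging merge *.css to all.css and *.js to all.js
         from Debug import DebugMedia
         DebugMedia.merge(file_path)
     return self.actionFile(file_path)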
Пример #13
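    def actionSiteMedia(self, path):
        """Serve a site file from ``<config.data_dir>/<address>/<inner_path>``.

        The request path has to look like ``/media/<address>/<inner_path>``; a
        path ending in "/" is served as its ``index.html``. HTML responses
        require a one-time ``wrapper_nonce`` query value that is present in
        ``self.server.wrapper_nonces``. When the client sent a Referer header
        it is checked with ``self.isMediaRequestAllowed``.

        Returns the result of ``self.actionFile``, or of ``self.error403`` /
        ``self.error404`` when the request is refused or the file is missing.
        """
        path = path.replace("/index.html/", "/")  # Base backward compatibility fix
        if path.endswith("/"):
            path = path + "index.html"

        # Raw string: "\." is an invalid escape sequence in a plain string literal
        match = re.match(r"/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)

        # Check wrapper nonce
        consumed_nonce = None  # Set only when this request used up a valid nonce
        content_type = self.getContentType(path)
        if "htm" in content_type:  # Valid nonce must be present to render html files
            wrapper_nonce = self.get.get("wrapper_nonce")
            # A missing or empty value is never valid, whatever the list holds
            if not wrapper_nonce or wrapper_nonce not in self.server.wrapper_nonces:
                return self.error403("Wrapper nonce error. Please reload the page.")
            self.server.wrapper_nonces.remove(wrapper_nonce)
            consumed_nonce = wrapper_nonce

        if not match:  # Bad url
            return self.error404(path)

        address = match.group("address")
        inner_path = match.group("inner_path")

        # Only allow the same site to receive media. This runs only when the
        # client sent a Referer header.
        referer = self.env.get("HTTP_REFERER")
        if referer and not self.isMediaRequestAllowed(address, referer):
            return self.error403("Media referrer error")  # Referrer does not start with the requested address

        file_path = "%s/%s/%s" % (config.data_dir, address, inner_path)
        allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address))  # Only files within data/sitehash allowed
        # Built from config.data_dir like allowed_dir: with a hard-coded "data"
        # the equality test below could never match a data directory that is
        # configured somewhere else, and an address of "." would then expose
        # the files stored directly in it
        data_dir = os.path.abspath(config.data_dir)
        file_dir = os.path.dirname(os.path.abspath(file_path))
        # Compare with a trailing separator so the prefix test stops at a
        # directory boundary instead of matching a sibling with a longer name
        inside_site_dir = (file_dir + os.sep).startswith(allowed_dir + os.sep)
        if ".." in file_path or not inside_site_dir or allowed_dir == data_dir:  # File not in allowed path
            return self.error403()

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # If debugging merge *.css to all.css and *.js to all.js
            site = self.server.sites.get(address)
            if site and site.settings["own"]:  # sites.get() may return None
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path)

        # File does not exist, try to download
        site = SiteManager.site_manager.need(address, all_file=False)
        result = site.needFile(inner_path, priority=5)  # Wait until file downloads
        if result:
            return self.actionFile(file_path)

        self.log.debug("File not found: %s" % inner_path)
        # Site larger than allowed: give the nonce back so the page can be
        # reloaded. Only a nonce that this request consumed is restored; a
        # value taken straight from the query string must never be added to
        # the list of valid nonces.
        if consumed_nonce is not None and site.settings.get("size", 0) > site.getSizeLimit() * 1024 * 1024:
            self.server.wrapper_nonces.append(consumed_nonce)
        return self.error404(inner_path)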
Пример #14
    def actionSiteMedia(self, path):
        """Serve a site media file addressed as /media/<address>/<inner_path>.

        Returns the result of actionFile() for a file that exists locally or
        could be downloaded, error403() when the referrer or the resolved path
        is rejected, and error404() for an unparsable url or a missing file.

        NOTE(review): the referrer check only runs when the request carries a
        Referer header; a request without one goes straight to the path checks.
        NOTE(review): containment is a string-prefix comparison on
        os.path.abspath() output, which normalises the path textually and does
        not resolve symlinks. The explicit ".." rejection is what carries the
        traversal protection here.
        """
        path = path.replace("/index.html/", "/")  # Base Backward compatibility fix
        if path.endswith("/"):
            path += "index.html"

        match = re.match("/media/(?P<address>[A-Za-z0-9\._-]+)/(?P<inner_path>.*)", path)
        referer = self.env.get("HTTP_REFERER")

        if not match:  # Bad url
            return self.error404(path)

        address = match.group("address")
        inner_path = match.group("inner_path")

        # Only allow same site to receive media
        if referer and not self.isMediaRequestAllowed(address, referer):
            return self.error403("Media referrer error")

        file_path = "data/%s/%s" % (address, inner_path)
        site_root = os.path.abspath("data/%s" % address)  # Only files within data/<address> allowed
        data_root = os.path.abspath("data")  # data/ itself must never be the served root
        if (
            ".." in file_path
            or not os.path.dirname(os.path.abspath(file_path)).startswith(site_root)
            or site_root == data_root
        ):
            return self.error403()  # File not in allowed path

        file_name = file_path.rsplit("/", 1)[-1]
        if config.debug and file_name.startswith("all."):
            # When debugging merge *.css to all.css and *.js to all.js, own sites only
            site = self.server.sites.get(address)
            if site.settings["own"]:
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # Already on disk
            return self.actionFile(file_path)

        # Not on disk yet: ask the site for it and wait until the download ends
        site = SiteManager.site_manager.need(address, all_file=False)
        if site.needFile(inner_path, priority=1):
            return self.actionFile(file_path)

        self.log.debug("File not found: %s" % inner_path)
        return self.error404(inner_path)
Пример #15
	def actionUiMedia(self, path):
		"""Serve a bundled UI media file addressed as /uimedia/<inner_path>.

		Returns actionFile() for an accepted path, error403() when the path
		contains ".." or resolves outside src/Ui/media, and error400() when the
		url does not have the /uimedia/ form.

		NOTE(review): the directory test is a plain string-prefix match on
		os.path.abspath() output, so it does not resolve symlinks; the ".."
		rejection is the check that stops traversal.
		"""
		found = re.match("/uimedia/(?P<inner_path>.*)", path)
		if not found:  # Bad url
			return self.error400()

		requested = found.group("inner_path")
		file_path = "src/Ui/media/%s" % requested
		allowed_dir = os.path.abspath("src/Ui/media")  # Only files within src/Ui/media allowed

		if ".." in file_path:  # Parent-directory reference anywhere in the path
			return self.error403()
		if not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir):  # File not in allowed path
			return self.error403()

		if config.debug and requested.startswith("all."):
			# When debugging merge *.css to all.css and *.js to all.js
			from Debug import DebugMedia
			DebugMedia.merge(file_path)
		return self.actionFile(file_path)
Пример #16
	def actionUiMedia(self, path):
		"""Map /uimedia/<inner_path> onto src/Ui/media and hand the file to actionFile().

		A url that does not match yields error400(); a path that contains ".."
		or whose directory does not start with the absolute media root yields
		error403().

		NOTE(review): os.path.abspath() only normalises the string; a symlink
		placed inside src/Ui/media would not be caught by this check.
		"""
		match = re.match("/uimedia/(?P<inner_path>.*)", path)
		if match is None:  # Bad url
			return self.error400()

		inner_path = match.group("inner_path")
		file_path = "src/Ui/media/%s" % inner_path
		media_root = os.path.abspath("src/Ui/media")  # Only files within src/Ui/media allowed

		# Accepted only when there is no ".." and the file's directory is under the media root
		inside_media_root = (
			".." not in file_path
			and os.path.dirname(os.path.abspath(file_path)).startswith(media_root)
		)
		if not inside_media_root:  # File not in allowed path
			return self.error403()

		merge_requested = config.debug and inner_path.startswith("all.")
		if merge_requested:
			# When debugging merge *.css to all.css and *.js to all.js
			from Debug import DebugMedia
			DebugMedia.merge(file_path)
		return self.actionFile(file_path)
Пример #17
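    def actionSiteMedia(self, path):
        """Serve a site media file addressed as /media/<site>/<inner_path>.

        Returns actionFile() for the resolved file, error403() when the
        referrer belongs to another site or the path leaves data/<site>, and
        error404() when the url does not have the /media/<site>/ form.

        Changes against the earlier version of this method:
        - a request with a Referer header and a non-matching url no longer
          raises AttributeError on match.group(); it gets the 404 answer;
        - the referrer is compared on its whole first path segment, so a
          referrer for site "<site>xyz" is not accepted for "<site>";
        - the directory containment test requires a path separator after the
          allowed directory instead of a bare string prefix.

        NOTE(review): a request without a Referer header skips the same-site
        check entirely. os.path.abspath() does not resolve symlinks.
        """
        path = path.replace("/index.html/", "/")  # Base Backward compatibility fix

        match = re.match("/media/(?P<site>[A-Za-z0-9]+)/(?P<inner_path>.*)", path)
        if not match:  # Bad url; must be decided before any match.group() call
            return self.error404(path)

        site_address = match.group("site")
        inner_path = match.group("inner_path")

        referer = self.env.get("HTTP_REFERER")
        if referer:  # Only allow same site to receive media
            referer = re.sub("http://.*?/", "/", referer)  # Remove server address
            referer = referer.replace("/media", "")  # Media
            # Compare the whole first path segment, not just a string prefix
            referer_site = re.split("[/?#]", referer[1:], maxsplit=1)[0]
            if not referer.startswith("/") or referer_site != site_address:
                return self.error403()  # Referer does not point at the requested site

        file_path = "data/%s/%s" % (site_address, inner_path)
        allowed_dir = os.path.abspath("data/%s" % site_address)  # Only files within data/<site> allowed
        file_dir = os.path.dirname(os.path.abspath(file_path))
        in_allowed_dir = file_dir == allowed_dir or file_dir.startswith(allowed_dir + os.sep)
        if ".." in file_path or not in_allowed_dir:  # File not in allowed path
            return self.error403()

        if config.debug and file_path.split("/")[-1].startswith("all."):
            # When debugging merge *.css to all.css and *.js to all.js, own sites only
            site = self.server.sites.get(site_address)
            if site and site.settings["own"]:  # sites.get() may return None for an unknown site
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

        if os.path.isfile(file_path):  # File exists
            return self.actionFile(file_path)

        # File does not exist, try to download
        site = SiteManager.need(site_address, all_file=False)
        self.sendHeader(content_type=self.getContentType(file_path))  # ?? Get Exception without this
        # NOTE(review): the download result is not checked; the headers are
        # already sent at this point, so a failed download still reaches
        # actionFile() with a path that may not exist.
        site.needFile(inner_path, priority=1)  # Wait until file downloads
        return self.actionFile(file_path)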
Пример #18
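    def actionUiMedia(self, path, *args, **kwargs):
        """Serve the UiConfig plugin's media files, translating js/html content.

        Urls under /uimedia/plugins/uiconfig/ are mapped to files under
        plugins/UiConfig/media/ and returned through actionFile(); any other
        url is delegated to the parent actionUiMedia(). A path that contains
        ".." or resolves outside plugins/UiConfig/media gets error403().

        The path comes from the request url and is passed to open(), so it is
        validated here before any file access.
        NOTE(review): the request router may already reject such paths; that
        code is not visible from this method, so the check is repeated locally.
        """
        url_prefix = "/uimedia/plugins/uiconfig/"
        if not path.startswith(url_prefix):
            return super(UiRequestPlugin, self).actionUiMedia(path)

        import os  # Function-scope import keeps this method self-contained

        media_dir = "plugins/UiConfig/media"
        # Strip only the leading prefix; str.replace() would also rewrite later occurrences
        file_path = "%s/%s" % (media_dir, path[len(url_prefix):])
        allowed_dir = os.path.abspath(media_dir)
        if ".." in file_path or not os.path.abspath(file_path).startswith(allowed_dir + os.sep):
            return self.error403()  # File not in allowed path

        if config.debug and (file_path.endswith("all.js") or file_path.endswith("all.css")):
            # If debugging merge *.css to all.css and *.js to all.js
            from Debug import DebugMedia
            DebugMedia.merge(file_path)

        with open(file_path) as media_file:  # Close the handle deterministically
            data = media_file.read()
        if file_path.endswith("js"):
            data = _.translateData(data, mode="js")
        elif file_path.endswith("html"):
            data = _.translateData(data, mode="html")

        return self.actionFile(file_path, file_obj=StringIO(data), file_size=len(data))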
Пример #19
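    def actionUiMedia(self, path, *args, **kwargs):
        """Return UiConfig plugin media, running js and html through translateData().

        Only urls that start with /uimedia/plugins/uiconfig/ are handled here;
        the rest is passed to the parent actionUiMedia(). The remainder of the
        url is joined onto plugins/UiConfig/media and must stay inside that
        directory: a ".." anywhere in the path, or a resolved location outside
        it, is answered with error403() before the file is opened.

        NOTE(review): whether an earlier routing step already filters ".." is
        not visible here, so this method does not rely on it.
        """
        import os  # Local import; this method does not rely on a file-level os import

        prefix = "/uimedia/plugins/uiconfig/"
        if path.startswith(prefix):
            plugin_media_dir = "plugins/UiConfig/media"
            # Slice off the prefix instead of replace(), which rewrites every occurrence
            inner_path = path[len(prefix):]
            file_path = plugin_media_dir + "/" + inner_path

            media_root = os.path.abspath(plugin_media_dir) + os.sep
            escapes_media_dir = ".." in file_path or not os.path.abspath(file_path).startswith(media_root)
            if escapes_media_dir:  # Request-supplied path must not leave the plugin media directory
                return self.error403()

            if config.debug and (file_path.endswith("all.js") or file_path.endswith("all.css")):
                # If debugging merge *.css to all.css and *.js to all.js
                from Debug import DebugMedia
                DebugMedia.merge(file_path)

            # Read through a context manager so the handle is not left to the garbage collector
            with open(file_path) as source_file:
                raw = source_file.read()

            if file_path.endswith("js"):
                data = _.translateData(raw, mode="js")
            elif file_path.endswith("html"):
                data = _.translateData(raw, mode="html")
            else:
                data = raw

            return self.actionFile(file_path, file_obj=StringIO(data), file_size=len(data))
        else:
            return super(UiRequestPlugin, self).actionUiMedia(path)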