示例#1
0
 def test_existing_dirs(self):
     BASE_PATH = os.path.abspath(os.path.dirname(django_tools.__file__))
     validator = ExistingDirValidator(BASE_PATH)
     for root, dirs, files in os.walk(BASE_PATH):
         for dir in dirs:
             path = os.path.join(root, dir)
             validator(path)
示例#2
0
    def __init__(self, request, absolute_path, base_url, rest_url):
        """
        absolute_path - path in filesystem to the root directory
        base_url - url prefix of this filemanager instance
        rest_url - relative sub path of the current view

        it is assumed that 'absolute_path' and 'base_url' are internal values
        and 'rest_url' are a external given value from the requested user.

        TODO: Use django_tools.validators.ExistingDirValidator and merge code!
        """
        self.request = request
        self.absolute_path = add_slash(absolute_path)
        self.base_url = clean_posixpath(base_url)

        self.dir_validator = ExistingDirValidator(self.absolute_path)

        rest_url = add_slash(rest_url)
        try:
            self.dir_validator(rest_url)
        except ValidationError as err:
            if settings.DEBUG:
                raise Http404(err)
            else:
                raise Http404(_("Directory doesn't exist!"))

        self.rel_url = posixpath.normpath(rest_url).lstrip("/")
        self.abs_url = posixpath.join(self.base_url, rest_url)
        if not os.path.isdir(self.absolute_path):
            if settings.DEBUG:
                raise Http404(
                    f"Formed path {self.absolute_path!r} doesn't exist.")
            else:
                raise Http404(_("Directory doesn't exist!"))

        # # print("rest_url 1: %r" % rest_url)
        # for part in STOP_PARTS:
        #     if part in rest_url:
        #         raise DirectoryTraversalAttack("Stop chars %r found!" % part)
        #
        # rest_url = urllib.parse.unquote(rest_url)
        # # print("rest_url 2: %r" % rest_url)
        #
        #
        #
        # # To protect from directory traversal attack
        # # https://en.wikipedia.org/wiki/Directory_traversal_attack
        # clean_rest_url = clean_posixpath(rest_url)
        # if clean_rest_url != rest_url:
        #     # path changed cause of "illegal" characters
        #     raise DirectoryTraversalAttack(
        #         "path %s is not equal to cleaned path: %s" % (repr(rest_url), repr(clean_rest_url))
        #     )
        #
        # self.rel_url = rest_url.lstrip("/")
        # self.rel_path = add_slash(os.path.normpath(self.rel_url))
        #
        # self.abs_path = clean_posixpath(os.path.join(self.absolute_path, self.rel_path))
        # self.check_path(self.absolute_path, self.abs_path)
        #
        # self.abs_url = posixpath.join(self.base_url, self.rel_url)
        #
        # if not os.path.isdir(self.abs_path):
        #     raise Http404("Formed path %r doesn't exist." % self.abs_path)

        self.breadcrumbs = self.build_breadcrumbs()
示例#3
0
 def setUpClass(cls):
     cls.media_root_validator = ExistingDirValidator()
示例#4
0
 def setUpClass(cls):
     super(TestExistingDirValidator, cls).setUpClass()
     cls.media_root_validator = ExistingDirValidator()