Mercurial > libervia-backend
comparison frontends/src/jp/cmd_blog.py @ 1926:55a7328fafb6
jp (blog/edit): do not remove files if they are not in the temporary dir hierarchy
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Fri, 25 Mar 2016 11:45:57 +0100 |
| parents | 53b51866747f |
| children | 03f780b60d5d |
comparison
equal
deleted
inserted
replaced
| 1925:53b51866747f | 1926:55a7328fafb6 |
|---|---|
| 114 @param sat_conf(ConfigParser.ConfigParser): instance opened on sat configuration | 114 @param sat_conf(ConfigParser.ConfigParser): instance opened on sat configuration |
| 115 @param path(str): file to unlink | 115 @param path(str): file to unlink |
| 116 """ | 116 """ |
| 117 if not os.path.isfile(path): | 117 if not os.path.isfile(path): |
| 118 raise OSError(u"path must link to a regular file") | 118 raise OSError(u"path must link to a regular file") |
| 119 if not path.startswith(self.getTmpDir(sat_conf)): | |
| 120 self.disp(u"File {} is not in blog temporary hierarchy, we do not remove it".format(path.decode('utf-8')), 2) | |
| 121 return | |
| 119 backup_dir = self.getTmpDir(sat_conf, SECURE_UNLINK_DIR) | 122 backup_dir = self.getTmpDir(sat_conf, SECURE_UNLINK_DIR) |
| 120 if not os.path.exists(backup_dir): | 123 if not os.path.exists(backup_dir): |
| 121 os.makedirs(backup_dir) | 124 os.makedirs(backup_dir) |
| 122 filename = os.path.basename(path) | 125 filename = os.path.basename(path) |
| 123 backup_path = os.path.join(backup_dir, filename) | 126 backup_path = os.path.join(backup_dir, filename) |
| 309 content_path=content_file_path, meta_path=meta_file_path), error=True) | 312 content_path=content_file_path, meta_path=meta_file_path), error=True) |
| 310 self.host.quit(0) | 313 self.host.quit(0) |
| 311 | 314 |
| 312 if len(content) == 0: | 315 if len(content) == 0: |
| 313 self.disp(u"Content is empty, cancelling the blog edition") | 316 self.disp(u"Content is empty, cancelling the blog edition") |
| 317 if not content_file_path.startswith(self.getTmpDir(sat_conf)): | |
| 318 self.disp(u"File are not in blog temporary hierarchy, we do not remove it", 2) | |
| 319 self.host.quit() | |
| 314 self.disp(u"Deletion of {}".format(content_file_path.decode('utf-8')), 2) | 320 self.disp(u"Deletion of {}".format(content_file_path.decode('utf-8')), 2) |
| 315 os.unlink(content_file_path) | 321 os.unlink(content_file_path) |
| 316 self.disp(u"Deletion of {}".format(meta_file_path.decode('utf-8')), 2) | 322 self.disp(u"Deletion of {}".format(meta_file_path.decode('utf-8')), 2) |
| 317 os.unlink(meta_file_path) | 323 os.unlink(meta_file_path) |
| 318 self.host.quit() | 324 self.host.quit() |