|
|
|
@ -481,7 +481,7 @@ class BaseManager:
|
|
|
|
|
|
|
|
|
|
if not path:
|
|
|
|
|
return ""
|
|
|
|
|
orig_path = path
|
|
|
|
|
orig_path = os.path.normpath(path)
|
|
|
|
|
|
|
|
|
|
server_config = self.config.get_section_config("Server")
|
|
|
|
|
img_directory = self.get_images_directory()
|
|
|
|
@ -494,7 +494,14 @@ class BaseManager:
|
|
|
|
|
if re.match(r"^[A-Z]:", path) is not None:
|
|
|
|
|
raise NodeError("{} is not allowed on this remote server. Please only use a file from '{}'".format(path, img_directory))
|
|
|
|
|
|
|
|
|
|
if not os.path.isabs(path):
|
|
|
|
|
# For local server we allow using absolute path outside image directory
|
|
|
|
|
if server_config.getboolean("local", False) is True:
|
|
|
|
|
log.debug("Searching for '{}'".format(orig_path))
|
|
|
|
|
path = force_unix_path(path)
|
|
|
|
|
if os.path.exists(path):
|
|
|
|
|
return path
|
|
|
|
|
raise ImageMissingError(orig_path)
|
|
|
|
|
else:
|
|
|
|
|
for directory in valid_directory_prefices:
|
|
|
|
|
log.debug("Searching for image '{}' in '{}'".format(orig_path, directory))
|
|
|
|
|
path = self._recursive_search_file_in_directory(directory, orig_path)
|
|
|
|
@ -503,38 +510,28 @@ class BaseManager:
|
|
|
|
|
|
|
|
|
|
# Not found we try the default directory
|
|
|
|
|
log.debug("Searching for image '{}' in default directory".format(orig_path))
|
|
|
|
|
|
|
|
|
|
# check that the image path is in the default image directory
|
|
|
|
|
requested_path = os.path.relpath(orig_path, start=img_directory)
|
|
|
|
|
requested_path = os.path.abspath(requested_path)
|
|
|
|
|
common_prefix = os.path.commonprefix([requested_path, img_directory])
|
|
|
|
|
if common_prefix != img_directory:
|
|
|
|
|
raise NodeError("{} is not allowed. Please only use a file from '{}'".format(orig_path, img_directory))
|
|
|
|
|
|
|
|
|
|
s = os.path.split(orig_path)
|
|
|
|
|
path = force_unix_path(os.path.join(img_directory, *s))
|
|
|
|
|
if os.path.exists(path):
|
|
|
|
|
return path
|
|
|
|
|
raise ImageMissingError(orig_path)
|
|
|
|
|
|
|
|
|
|
# For local server we allow using absolute path outside image directory
|
|
|
|
|
if server_config.getboolean("local", False) is True:
|
|
|
|
|
log.debug("Searching for '{}'".format(orig_path))
|
|
|
|
|
path = force_unix_path(path)
|
|
|
|
|
if os.path.exists(path):
|
|
|
|
|
return path
|
|
|
|
|
raise ImageMissingError(orig_path)
|
|
|
|
|
|
|
|
|
|
# Check to see if path is an absolute path to a valid directory
|
|
|
|
|
path = force_unix_path(path)
|
|
|
|
|
for directory in valid_directory_prefices:
|
|
|
|
|
log.debug("Searching for image '{}' in '{}'".format(orig_path, directory))
|
|
|
|
|
if os.path.commonprefix([directory, path]) == directory:
|
|
|
|
|
if os.path.exists(path):
|
|
|
|
|
return path
|
|
|
|
|
raise ImageMissingError(orig_path)
|
|
|
|
|
raise NodeError("{} is not allowed on this remote server. Please only use a file from '{}'".format(path, img_directory))
|
|
|
|
|
|
|
|
|
|
def _recursive_search_file_in_directory(self, directory, searched_file):
|
|
|
|
|
"""
|
|
|
|
|
Search for a file in directory and is subdirectories
|
|
|
|
|
|
|
|
|
|
:returns: Path or None if not found
|
|
|
|
|
"""
|
|
|
|
|
s = os.path.split(searched_file)
|
|
|
|
|
|
|
|
|
|
s = os.path.split(searched_file)
|
|
|
|
|
for root, dirs, files in os.walk(directory):
|
|
|
|
|
for file in files:
|
|
|
|
|
# If filename is the same
|
|
|
|
|