mirror of
https://github.com/GNS3/gns3-server
synced 2024-12-01 04:38:12 +00:00
Merge pull request #1230 from GNS3/consitance-about-exc
Keep consistance of aiohttp.web.HTTPForbidden() execution
This commit is contained in:
commit
a80355998d
@ -407,6 +407,6 @@ class IOUHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if filename[0] == ".":
|
if filename[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
|
|
||||||
yield from response.file(image_path)
|
yield from response.file(image_path)
|
||||||
|
@ -231,7 +231,7 @@ class ProjectHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
path = os.path.join(project.path, path)
|
path = os.path.join(project.path, path)
|
||||||
|
|
||||||
response.content_type = "application/octet-stream"
|
response.content_type = "application/octet-stream"
|
||||||
@ -272,7 +272,7 @@ class ProjectHandler:
|
|||||||
|
|
||||||
# Raise an error if user try to escape
|
# Raise an error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
path = os.path.join(project.path, path)
|
path = os.path.join(project.path, path)
|
||||||
|
|
||||||
response.content_type = "application/octet-stream"
|
response.content_type = "application/octet-stream"
|
||||||
@ -314,7 +314,7 @@ class ProjectHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
path = os.path.join(project.path, path)
|
path = os.path.join(project.path, path)
|
||||||
|
|
||||||
response.set_status(200)
|
response.set_status(200)
|
||||||
|
@ -498,6 +498,6 @@ class QEMUHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if filename[0] == ".":
|
if filename[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
|
|
||||||
yield from response.file(image_path)
|
yield from response.file(image_path)
|
||||||
|
@ -15,7 +15,6 @@
|
|||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
import os
|
|
||||||
import aiohttp
|
import aiohttp
|
||||||
|
|
||||||
from gns3server.web.route import Route
|
from gns3server.web.route import Route
|
||||||
@ -370,7 +369,7 @@ class NodeHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
|
|
||||||
node_type = node.node_type
|
node_type = node.node_type
|
||||||
path = "/project-files/{}/{}/{}".format(node_type, node.id, path)
|
path = "/project-files/{}/{}/{}".format(node_type, node.id, path)
|
||||||
@ -406,7 +405,7 @@ class NodeHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
|
|
||||||
node_type = node.node_type
|
node_type = node.node_type
|
||||||
path = "/project-files/{}/{}/{}".format(node_type, node.id, path)
|
path = "/project-files/{}/{}/{}".format(node_type, node.id, path)
|
||||||
|
@ -398,7 +398,7 @@ class ProjectHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
path = os.path.join(project.path, path)
|
path = os.path.join(project.path, path)
|
||||||
|
|
||||||
response.content_type = "application/octet-stream"
|
response.content_type = "application/octet-stream"
|
||||||
@ -440,7 +440,7 @@ class ProjectHandler:
|
|||||||
|
|
||||||
# Raise error if user try to escape
|
# Raise error if user try to escape
|
||||||
if path[0] == ".":
|
if path[0] == ".":
|
||||||
raise aiohttp.web.HTTPForbidden
|
raise aiohttp.web.HTTPForbidden()
|
||||||
path = os.path.join(project.path, path)
|
path = os.path.join(project.path, path)
|
||||||
|
|
||||||
response.set_status(200)
|
response.set_status(200)
|
||||||
|
Loading…
Reference in New Issue
Block a user