Browse Source

fixed recursive folders and security issues with send_from_directory

current_wdka_release
crunk 3 years ago
parent
commit
59159c29a3
  1. 2
      verse/distribusiworkflow.py
  2. 10
      verse/start.py

2
verse/distribusiworkflow.py

@ -86,7 +86,7 @@ def GetCssFile(distribusi):
def RunDistribusi(userfolder, cssfile): def RunDistribusi(userfolder, cssfile):
parser = build_argparser() parser = build_argparser()
args = parser.parse_args(["-s", cssfile]) args = parser.parse_args(["--menu-with-index", "-s", cssfile])
distribusify(args, userfolder) distribusify(args, userfolder)

10
verse/start.py

@ -5,7 +5,7 @@ from flask import (
redirect, redirect,
url_for, url_for,
session, session,
send_from_directory, Blueprint,
) )
from flask_login import ( from flask_login import (
logout_user, logout_user,
@ -34,6 +34,8 @@ from statuspengguna.registeruser import RegisterUser
from distribusisinfo import DistribusisInfo from distribusisinfo import DistribusisInfo
APP = create_app() APP = create_app()
stash_page = Blueprint("stash_page", __name__, static_folder="stash")
APP.register_blueprint(stash_page)
@APP.before_request @APP.before_request
@ -105,9 +107,9 @@ def selector():
return DistribusiSelector() return DistribusiSelector()
@APP.route("/stash/<path:path>") @APP.route("/stash")
def distribusistash(path): def shortstashurl():
return send_from_directory("stash", path) return redirect(url_for("index"))
@APP.route("/admin", methods=["GET", "POST"]) @APP.route("/admin", methods=["GET", "POST"])

Loading…
Cancel
Save