crunk/distribusi-verse
2
0
Fork 1
Code Issues Pull Requests Projects Releases 1 Wiki Activity

fixed recursive folders and security issues with send_from_directory

Browse Source
This commit is contained in:
crunk 2022-03-25 11:24:49 +01:00
parent 98387210a1
commit 59159c29a3
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
verse/distribusiworkflow.py
View File

@ -86,7 +86,7 @@ def GetCssFile(distribusi):
def RunDistribusi(userfolder, cssfile): def RunDistribusi(userfolder, cssfile):
parser = build_argparser() parser = build_argparser()
args = parser.parse_args(["-s", cssfile]) args = parser.parse_args(["--menu-with-index", "-s", cssfile])
distribusify(args, userfolder) distribusify(args, userfolder)

10
verse/start.py
View File

@ -5,7 +5,7 @@ from flask import (
redirect, redirect,
url_for, url_for,
session, session,
send_from_directory, Blueprint,
) )
from flask_login import ( from flask_login import (
logout_user, logout_user,
@ -34,6 +34,8 @@ from statuspengguna.registeruser import RegisterUser
from distribusisinfo import DistribusisInfo from distribusisinfo import DistribusisInfo
APP = create_app() APP = create_app()
stash_page = Blueprint("stash_page", __name__, static_folder="stash")
APP.register_blueprint(stash_page)
@APP.before_request @APP.before_request
@ -105,9 +107,9 @@ def selector():
return DistribusiSelector() return DistribusiSelector()
@APP.route("/stash/<path:path>") @APP.route("/stash")
def distribusistash(path): def shortstashurl():
return send_from_directory("stash", path) return redirect(url_for("index"))
@APP.route("/admin", methods=["GET", "POST"]) @APP.route("/admin", methods=["GET", "POST"])