diff roundup/cgi/client.py @ 5231:8743b7226dc7

Fix issue with retrieving raw template files using the @@file mechanism. This changes the static_files option in config.ini from supporting a single directory to supporting multiple directories. If one of the directory elements is '-' (i.e. a lone hyphen) the search is stopped and the TEMPLATES directory is not searched. Since the TEMPLATES directory is not searched the raw templates aren't accessed. See: https://sourceforge.net/p/roundup/mailman/message/35773357/ Message subject: showing template sources to all for details. Also check in CHANGES.txt that mentions a couple of other small improvements in the roundup-admin command.
author John Rouillard <rouilj@ieee.org>
date Tue, 11 Apr 2017 22:20:13 -0400
parents 14d8f61e6ef2
children 198b6e810c67
--- a/roundup/cgi/client.py	Tue Apr 11 21:51:28 2017 -0400
+++ b/roundup/cgi/client.py	Tue Apr 11 22:20:13 2017 -0400
@@ -1439,13 +1439,33 @@
             prefix = self.instance.config[dir_option]
             if not prefix:
                 continue
-            # ensure the load doesn't try to poke outside
-            # of the static files directory
-            prefix = os.path.normpath(prefix)
-            filename = os.path.normpath(os.path.join(prefix, file))
-            if os.path.isfile(filename) and filename.startswith(prefix):
+            if type(prefix) is str:
+                # prefix can be a string or list depending on
+                # option. Make it a list to iterate over.
+                prefix = [ prefix ]
+
+            for p in prefix:
+                # if last element of STATIC_FILES ends with '/-',
+                # we failed to find the file and we should
+                # not look in TEMPLATES. So raise exception.
+                if dir_option == 'STATIC_FILES' and p[-2:] == '/-':
+                    raise NotFound(file)
+
+                # ensure the load doesn't try to poke outside
+                # of the static files directory
+                p = os.path.normpath(p)
+                filename = os.path.normpath(os.path.join(p, file))
+                if os.path.isfile(filename) and filename.startswith(p):
+                    break # inner loop over list of directories
+                else:
+                    # reset filename to None as sentinel for use below.
+                    filename = None
+
+            # break out of outer loop over options
+            if filename:
                 break
-        else:
+
+        if filename is None: # we didn't find a filename
             raise NotFound(file)
 
         # last-modified time
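Review bot: The containment test `filename.startswith(p)` in the new inner loop is a bare string-prefix comparison carried over from the removed lines, so it still accepts a normalised path that lands in a sibling directory whose name merely begins with `p` (constructed example: `p` = `/srv/static`, resolved file `/srv/static-old/x`). Comparing against the directory with its trailing separator closes that gap: `if os.path.isfile(filename) and filename.startswith(os.path.join(p, '')):`. `os.path.normpath` also does not resolve symlinks, so if links inside a static directory can point elsewhere, both sides would need `os.path.realpath` as well. Separately, `if filename:` and `if filename is None` read `filename` even when every option was skipped by `continue` or the directory list was empty, which is only safe if `filename` is initialised to `None` above the hunk; that is not visible here, since the enclosing method starts and ends outside the hunk.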
