diff roundup/cgi/templating.py @ 5145:d22eb1d40d0e

issue2550701, issue2550891: deal with a path traversal issue in the TAL-based template finding code. Use the standard method.
author John Rouillard <rouilj@ieee.org>
date Thu, 14 Jul 2016 18:33:37 -0400
parents 8901cc4ef0e0
children 153833fe124f
--- a/roundup/cgi/templating.py	Thu Jul 14 18:03:04 2016 -0400
+++ b/roundup/cgi/templating.py	Thu Jul 14 18:33:37 2016 -0400
@@ -20,7 +20,7 @@
 __docformat__ = 'restructuredtext'
 
 
-import cgi, urllib, re, os.path, mimetypes, csv
+import cgi, urllib, re, os.path, mimetypes, csv, string
 import calendar
 import textwrap
 
@@ -116,9 +116,14 @@
     def _find(self, name):
         """ Find template, return full path and filename of the
             template if it is found, None otherwise."""
+        realsrc = os.path.realpath(self.dir)
         for extension in ['', '.html', '.xml']:
             f = name + extension
-            src = os.path.join(self.dir, f)
+            src = os.path.join(realsrc, f)
+            realpath = os.path.realpath(src)
+            print f, src, realpath, realsrc
+            if string.find(realpath, realsrc) != 0:
+                return # will raise invalid template
             if os.path.exists(src):
                 return (src, f)
 
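Review bot: The `print f, src, realpath, realsrc` line on the new side is debug output left in the request path; under CGI, stdout is the HTTP response, so it would leak the resolved template directory and candidate paths to the client and should be dropped. The containment test `string.find(realpath, realsrc) != 0` is also only a string-prefix check, so a sibling directory whose name begins with the template directory's name (e.g. `html-other` next to `html`) would pass it; compare against the directory itself or the directory plus a separator, `if realpath != realsrc and not realpath.startswith(realsrc + os.sep):`, which also makes the new `string` import in the first hunk unnecessary. Since `os.path.realpath` resolves symlinks, a symlinked template inside `self.dir` that points outside it is now rejected as well; if that is intended, a short comment on the `realsrc = os.path.realpath(self.dir)` line saying so would help the next maintainer.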
