vbatts/quay
Archived
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add fix for relative paths in user files lookup and add test

Browse source
This commit is contained in:
Joseph Schorr 2017-04-21 15:54:15 -04:00
parent e9672326a8
commit 4bb725dce0
2 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
data/userfiles.py
View file

@ -32,6 +32,7 @@ class UserfilesHandlers(View):
file_header_bytes = buffered.peek(1024)
return send_file(buffered, mimetype=self._magic.from_buffer(file_header_bytes))
except IOError:
logger.exception('Error reading user file')
abort(404)
def put(self, file_id):
@ -73,7 +74,8 @@ class DelegateUserfiles(object):
url_scheme=self._app.config['PREFERRED_URL_SCHEME'])
def get_file_id_path(self, file_id):
return os.path.join(self._prefix, file_id)
# Note: We use basename here to prevent paths with ..'s and absolute paths.
return os.path.join(self._prefix, os.path.basename(file_id))
def prepare_for_drop(self, mime_type, requires_cors=True):
""" Returns a signed URL to upload a file to our bucket. """