github/pelican
1
0
Fork 1
mirror of https://github.com/getpelican/pelican.git synced 2025-10-15 20:28:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check safety of save_as earlier if possible

Browse source 
The check in the writer still serves as a safety net.
This commit is contained in:
Jonas Wielicki 2017-02-03 09:13:14 +01:00
commit 018f4468cc
5 changed files with 103 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

18
pelican/writers.py
View file

@ -13,7 +13,7 @@ import six
from pelican import signals
from pelican.paginator import Paginator
from pelican.utils import (get_relative_path, is_selected_for_writing,
path_to_url, set_date_tzinfo)
path_to_url, sanitised_join, set_date_tzinfo)
if not six.PY3:
from codecs import open
@ -21,18 +21,6 @@ if not six.PY3:
logger = logging.getLogger(__name__)
def _sanitised_join(base_directory, *parts):
joined = os.path.abspath(os.path.join(base_directory, *parts))
if not joined.startswith(base_directory):
raise RuntimeError(
"attempt to break out of output directory to {}".format(
joined
)
)
return joined
class Writer(object):
def __init__(self, output_path, settings=None):
@ -135,7 +123,7 @@ class Writer(object):
self._add_item_to_the_feed(feed, elements[i])
if path:
complete_path = _sanitised_join(self.output_path, path)
complete_path = sanitised_join(self.output_path, path)
try:
os.makedirs(os.path.dirname(complete_path))
@ -182,7 +170,7 @@ class Writer(object):
if localcontext['localsiteurl']:
context['localsiteurl'] = localcontext['localsiteurl']
output = template.render(localcontext)
path = _sanitised_join(output_path, name)
path = sanitised_join(output_path, name)
try:
os.makedirs(os.path.dirname(path))