Verify extension of uploaded language packs & plugins

Should be valid zip archives/tarballs. Also use only the extension
of an uploaded plugin archive as suffix for the temporary file that's
used for installing it.
(cherry picked from commit a1ff698)
Gina Häußge 2015-06-30 18:59:45 +02:00
parent eadc9ee795
commit 5e5531f6d8
2 changed files with 15 additions and 3 deletions


@ -121,11 +121,17 @@ class PluginManagerPlugin(octoprint.plugin.SimpleApiPlugin,
upload_path = flask.request.values[input_upload_path]
upload_name = flask.request.values[input_upload_name]
exts = filter(lambda x: upload_name.endswith(x), (".zip", ".tar.gz", ".tgz", ".tar"))
if not len(exts):
return flask.make_response("File doesn't have a valid extension for a plugin archive", 400)
ext = exts[0]
import tempfile
import shutil
import os
archive = tempfile.NamedTemporaryFile(delete=False, suffix="-{upload_name}".format(**locals()))
archive = tempfile.NamedTemporaryFile(delete=False, suffix="{ext}".format(**locals()))
try:
archive.close()
shutil.copy(upload_path, archive.name)
@ -197,7 +203,7 @@ class PluginManagerPlugin(octoprint.plugin.SimpleApiPlugin,
if url is not None:
pip_args = ["install", sarge.shell_quote(url)]
elif path is not None:
pip_args = ["install", path]
pip_args = ["install", sarge.shell_quote(path)]
else:
raise ValueError("Either url or path must be provided")
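Review bot: The extension check added in the first hunk looks only at the client-supplied `upload_name`, so a file with arbitrary content passes if its name ends in one of the four suffixes, and nothing visible here confirms it is an archive before it is copied and handed to the installer. Since the commit message says uploads should be valid zip archives or tarballs, a content check on `upload_path` would back up the name check, for example `if not (zipfile.is_zipfile(upload_path) or tarfile.is_tarfile(upload_path)): return flask.make_response("File is not a valid plugin archive", 400)`, with `zipfile` and `tarfile` imported next to the other local imports. Separately, `if not len(exts):` relies on `filter` returning a list; `exts = [x for x in (".zip", ".tar.gz", ".tgz", ".tar") if upload_name.endswith(x)]` followed by `if not exts:` does the same without that dependency. The `try:` block continues past the end of the hunk, so cleanup of the `delete=False` temporary file could not be checked.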


@ -90,11 +90,17 @@ def getInstalledLanguagePacks():
def uploadLanguagePack():
input_name = "file"
input_upload_path = input_name + "." + settings().get(["server", "uploads", "pathSuffix"])
if not input_upload_path in request.values:
input_upload_name = input_name + "." + settings().get(["server", "uploads", "nameSuffix"])
if not input_upload_path in request.values or not input_upload_name in request.values:
return make_response("No file included", 400)
upload_name = request.values[input_upload_name]
upload_path = request.values[input_upload_path]
exts = filter(lambda x: upload_name.endswith(x), (".zip", ".tar.gz", ".tgz", ".tar"))
if not len(exts):
return make_response("File doesn't have a valid extension for a plugin archive", 400)
target_path = settings().getBaseFolder("translations")
if tarfile.is_tarfile(upload_path):
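Review bot: The 400 response added in `uploadLanguagePack` reuses the plugin manager's wording, `"File doesn't have a valid extension for a plugin archive"`, although this endpoint accepts language packs; `"File doesn't have a valid extension for a language pack archive"` would tell the user what was actually rejected. The suffix tuple `(".zip", ".tar.gz", ".tgz", ".tar")` is now written out in both changed files, so a shared constant would keep the two checks from drifting apart. The match is made against the client-supplied name only. The `tarfile.is_tarfile(upload_path)` branch continues outside the hunk, so it is worth confirming that extraction keeps archive member paths inside `target_path`.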