Verify extension of uploaded language packs & plugins

Should be valid zip archives/tarballs. Also use only the extension
of an uploaded plugin archive as suffix for the temporary file that's
used for installing it.
Gina Häußge 2015-06-30 18:59:45 +02:00
parent 2db32289f3
commit a1ff6986ca
2 changed files with 15 additions and 3 deletions


@ -121,11 +121,17 @@ class PluginManagerPlugin(octoprint.plugin.SimpleApiPlugin,
upload_path = flask.request.values[input_upload_path]
upload_name = flask.request.values[input_upload_name]
exts = filter(lambda x: upload_name.endswith(x), (".zip", ".tar.gz", ".tgz", ".tar"))
if not len(exts):
return flask.make_response("File doesn't have a valid extension for a plugin archive", 400)
ext = exts[0]
import tempfile
import shutil
import os
archive = tempfile.NamedTemporaryFile(delete=False, suffix="-{upload_name}".format(**locals()))
archive = tempfile.NamedTemporaryFile(delete=False, suffix="{ext}".format(**locals()))
try:
archive.close()
shutil.copy(upload_path, archive.name)
@ -197,7 +203,7 @@ class PluginManagerPlugin(octoprint.plugin.SimpleApiPlugin,
if url is not None:
pip_args = ["install", sarge.shell_quote(url)]
elif path is not None:
pip_args = ["install", path]
pip_args = ["install", sarge.shell_quote(path)]
else:
raise ValueError("Either url or path must be provided")
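Review bot: The check added at `exts = filter(...)` in the first hunk tests only the client-supplied `upload_name`, so any file whose name ends in `.zip` or `.tar` is still copied to the temporary file and passed on for installation. The language pack handler changed in this same commit probes the content with `tarfile.is_tarfile(upload_path)`, and nothing equivalent is visible here. Unless a later part of the function already does it, add `if not (tarfile.is_tarfile(upload_path) or zipfile.is_zipfile(upload_path)): return flask.make_response("Not a valid zip archive or tarball", 400)` before the temporary file is created. Separately, `suffix="{ext}".format(**locals())` can be written as `suffix=ext`, and `len(exts)` / `exts[0]` only work while `filter` returns a list (Python 2). The function body starts and ends outside the hunk.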


@ -90,11 +90,17 @@ def getInstalledLanguagePacks():
def uploadLanguagePack():
input_name = "file"
input_upload_path = input_name + "." + settings().get(["server", "uploads", "pathSuffix"])
if not input_upload_path in request.values:
input_upload_name = input_name + "." + settings().get(["server", "uploads", "nameSuffix"])
if not input_upload_path in request.values or not input_upload_name in request.values:
return make_response("No file included", 400)
upload_name = request.values[input_upload_name]
upload_path = request.values[input_upload_path]
exts = filter(lambda x: upload_name.endswith(x), (".zip", ".tar.gz", ".tgz", ".tar"))
if not len(exts):
return make_response("File doesn't have a valid extension for a plugin archive", 400)
target_path = settings().getBaseFolder("translations")
if tarfile.is_tarfile(upload_path):
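Review bot: The 400 response added after `exts = filter(...)` in `uploadLanguagePack` says "plugin archive", apparently copied from the plugin manager, which will mislead someone uploading a language pack; `return make_response("File doesn't have a valid extension for a language pack archive", 400)` fits this endpoint. The suffix test is case-sensitive and looks only at the client-supplied name, so the `tarfile.is_tarfile(upload_path)` probe that follows remains the check that actually validates the upload. The extraction itself runs outside this hunk; it presumably writes under `target_path`, and if it does not already do so it should reject archive members whose names are absolute or contain `..`.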