From e8cac14c2f138501f23d38bda619fd460ac667c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gina=20H=C3=A4u=C3=9Fge?= Date: Mon, 15 Aug 2016 14:11:34 +0200 Subject: [PATCH] Make sure uploads folder only has sanitized entries Should make sure stuff doesn't break when people perform manual file operations on the uploads folder (e.g. uploading files that don't match the sanitization scheme). Should solve #1434 --- src/octoprint/filemanager/storage.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/octoprint/filemanager/storage.py b/src/octoprint/filemanager/storage.py index fc0f6034..b4578fff 100644 --- a/src/octoprint/filemanager/storage.py +++ b/src/octoprint/filemanager/storage.py @@ -10,6 +10,7 @@ import logging import os import pylru import tempfile +import shutil import octoprint.filemanager @@ -895,6 +896,28 @@ class LocalFileStorage(StorageInterface): entry_path = os.path.join(path, entry) + sanitized = self.sanitize_name(entry) + if sanitized != entry: + # entry is not sanitized yet, let's take care of that + sanitized_path = os.path.join(path, sanitized) + sanitized_name, sanitized_ext = os.path.splitext(sanitized) + + counter = 1 + while os.path.exists(sanitized_path): + counter += 1 + sanitized = self.sanitize_name("{}_({}){}".format(sanitized_name, counter, sanitized_ext)) + sanitized_path = os.path.join(path, sanitized) + + try: + shutil.move(entry_path, sanitized_path) + + self._logger.info("Sanitized \"{}\" to \"{}\"".format(entry_path, sanitized_path)) + entry = sanitized + entry_path = sanitized_path + except: + self._logger.exception("Error while trying to rename \"{}\" to \"{}\", ignoring file".format(entry_path, sanitized_path)) + continue + # file handling if os.path.isfile(entry_path): file_type = octoprint.filemanager.get_file_type(entry)