Changeset 7004


Ignore:
Timestamp:
13/06/10 21:58:12 (9 years ago)
Author:
astephen
Message:

secured dirlist.py controller.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • cows_wps/trunk/cows_wps/controllers/dirlist.py

    r5985 r7004  
    88from cows_wps.controllers import * 
    99from cows_wps.lib.ui.proc_config import * 
     10 
     11from cows_wps.utils.create_process_config import createProcessConfig 
    1012 
    1113log = logging.getLogger(__name__) 
     
    2224            return "Please provide an argument path=<Something>" 
    2325 
     26        proc_id = request.params.get("proc_id", None) 
     27        if proc_id == None: 
     28            return "Please provide a valid proc_id." 
     29 
     30        try: 
     31            proc_config = createProcessConfig(proc_id)["Capabilities"] 
     32            basedir = proc_config["DataInputs"]["FilePath"]["basedir"] 
     33            basedir = basedir.rstrip("/") 
     34        except: 
     35            return "Unrecognised proc_id: %s" % proc_id 
     36 
    2437        dr = os.path.split(path)[0] 
    2538        if not os.path.isdir(dr): 
    2639            return "Please provide a valid directory." 
     40        elif dr.find(basedir) < 0 and dr != basedir: 
     41            return "Invalid directory or not allowed." 
    2742 
    2843        items = [os.path.join(dr, x) for x in os.listdir(dr) if x[0] != "."] 
Note: See TracChangeset for help on using the changeset viewer.