Merge branch 'commandnotfound-sanitize_filenames'

Micah Lee 2016-12-21 22:56:34 -08:00
commit 1d49a1e15c
No known key found for this signature in database
GPG key ID: 403C2657CD994F73


@ -17,7 +17,7 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
""" """
import queue, mimetypes, platform, os, sys, socket, logging import queue, mimetypes, platform, os, sys, socket, logging, html
from urllib.request import urlopen from urllib.request import urlopen
from flask import Flask, Response, request, render_template_string, abort from flask import Flask, Response, request, render_template_string, abort
@ -30,7 +30,6 @@ file_info = []
zip_filename = None zip_filename = None
zip_filesize = None zip_filesize = None
def set_file_info(filenames): def set_file_info(filenames):
""" """
Using the list of filenames being shared, fill in details that the web Using the list of filenames being shared, fill in details that the web
@ -42,9 +41,11 @@ def set_file_info(filenames):
# build file info list # build file info list
file_info = {'files': [], 'dirs': []} file_info = {'files': [], 'dirs': []}
for filename in filenames: for filename in filenames:
# strips trailing '/' and sanitizes filename
basename = html.escape(os.path.basename(filename.rstrip('/')))
info = { info = {
'filename': filename, 'filename': filename,
'basename': os.path.basename(filename.rstrip('/')) 'basename': basename
} }
if os.path.isfile(filename): if os.path.isfile(filename):
info['size'] = os.path.getsize(filename) info['size'] = os.path.getsize(filename)
@ -54,6 +55,8 @@ def set_file_info(filenames):
info['size'] = helpers.dir_size(filename) info['size'] = helpers.dir_size(filename)
info['size_human'] = helpers.human_readable_filesize(info['size']) info['size_human'] = helpers.human_readable_filesize(info['size'])
file_info['dirs'].append(info) file_info['dirs'].append(info)
# sort list of files and directories by basename
file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename']) file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename'])
file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename']) file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename'])
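Review bot: `html.escape` is applied while the `info` dict is built in `set_file_info`, so the stored `basename` is an HTML-encoded string rather than the real name, and every later consumer of `file_info` inherits that encoding whether or not it writes HTML. The two `sorted(..., key=lambda k: k['basename'])` calls now order by the escaped text, and if the templates are rendered with Jinja autoescaping enabled (not visible on this page) a name containing `&` or `<` would be shown double-escaped. `'filename'` is still stored raw, so any template that prints it stays unescaped after this change. I would keep `'basename': os.path.basename(filename.rstrip('/'))` and escape at the point of output instead, e.g. `{{ info.basename|e }}`, with a comment there noting that shared file names are untrusted text. The body of `set_file_info` begins before these hunks and continues between them, so other uses of `basename` may exist that this page does not show.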