class HostPathNameForm(HostPathForm):
name = forms.CharField(label=u'Nazwa', max_length=256, validators=[name_validator])
+ def clean_name(self):
+ return clean_path(self.cleaned_data['name'])
+
class HostItemsForm(HostForm):
dirs = forms.MultipleChoiceField(label=u'Katalogi', required=False, widget=forms.MultipleHiddenInput())
import os
import re
from threading import Event
+from django.utils.http import urlunquote
from django.utils.timezone import localtime, UTC
from gridftp import FTPClient, Buffer, HandleAttr, OperationAttr
return False
def compress(self, server, path, files, archive):
+ self._check_disk_stack_args(*([path, archive] + files))
+
if self.match_ext(archive, '.tar.gz', '.tgz'):
cmd, args = 'tar', ['cvzf', archive, '-C', path] + files
elif self.match_ext(archive, '.tar.bz2', '.tbz'):
return self.get(server)
def extract(self, server, archive, dst):
+ self._check_disk_stack_args(*[archive, dst])
+
if self.match_ext(archive, '.tar.gz', '.tgz'):
cmd, args = 'tar', ('xvzf', archive, '-C', dst)
elif self.match_ext(archive, '.tar.bz2', '.tbz'):
self.op_attr.set_disk_stack('#'.join(("popen:argv=", cmd) + args))
return self.get(server)
+
+ @staticmethod
+ def _check_disk_stack_args(*args):
+ for char in ['#', ',', ';', '%23', '%3B']:
+ for arg in args:
+ if char in arg:
+ raise ValueError('Unsupported character `{}` in `{}`!'.format(urlunquote(char), urlunquote(arg)))