Initial push support (needs API key, no tests yet)

author: James Tunnicliffe <james.tunnicliffe@linaro.org> 2013-06-05 14:16:41 +0100
committer: James Tunnicliffe <james.tunnicliffe@linaro.org> 2013-06-05 14:16:41 +0100
commit: 746d36bc55b2d83b53907710dc2be7e7256ad577 (patch)
tree: be36e27faa0a40b3b8a4b66d8d259dd547bd1575 /license_protected_downloads/common.py
parent: 72fec9427621b380af0c56901dc810bbd6180fef (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/license_protected_downloads/common.py b/license_protected_downloads/common.py
new file mode 100644
index 0000000..0ad534a
--- /dev/null
+++ b/license_protected_downloads/common.py
@@ -0,0 +1,18 @@
+import os
+
+def safe_path_join(base_path, *paths):
+    """os.path.join with with check that result is inside base_path.
+
+    Checks that the generated path doesn't end up outside the target
+    directory, so server accesses stay where we expect them.
+    """
+
+    target_path = os.path.join(base_path, *paths)
+
+    if not target_path.startswith(base_path):
+        return None
+
+    if not os.path.normpath(target_path) == target_path.rstrip("/"):
+        return None
+
+    return target_path
author	James Tunnicliffe <james.tunnicliffe@linaro.org>	2013-06-05 14:16:41 +0100
committer	James Tunnicliffe <james.tunnicliffe@linaro.org>	2013-06-05 14:16:41 +0100
commit	746d36bc55b2d83b53907710dc2be7e7256ad577 (patch)
tree	be36e27faa0a40b3b8a4b66d8d259dd547bd1575 /license_protected_downloads/common.py
parent	72fec9427621b380af0c56901dc810bbd6180fef (diff)