Merge pull request #426 from Unrud/patch-20

Ignore hidden files
This commit is contained in:
Guillaume Ayoub 2016-06-13 15:07:24 +02:00 committed by GitHub
commit caa4c16dfd

View File

@ -126,7 +126,8 @@ def is_safe_filesystem_path_component(path):
""" """
return ( return (
path and not os.path.splitdrive(path)[0] and path and not os.path.splitdrive(path)[0] and
not os.path.split(path)[0] and path not in (os.curdir, os.pardir)) not os.path.split(path)[0] and path not in (os.curdir, os.pardir) and
not path.startswith(".") and not path.endswith("~"))
def path_to_filesystem(root, *paths): def path_to_filesystem(root, *paths):
@ -346,6 +347,10 @@ class Collection(BaseCollection):
yield collection.get(item[0]) yield collection.get(item[0])
_, directories, _ = next(os.walk(collection._filesystem_path)) _, directories, _ = next(os.walk(collection._filesystem_path))
for sub_path in directories: for sub_path in directories:
if not is_safe_filesystem_path_component(sub_path):
cls.logger.debug(
"Skipping collection: %s", sub_path)
continue
full_path = os.path.join(collection._filesystem_path, sub_path) full_path = os.path.join(collection._filesystem_path, sub_path)
if os.path.exists(full_path): if os.path.exists(full_path):
yield cls(posixpath.join(path, sub_path)) yield cls(posixpath.join(path, sub_path))
@ -395,6 +400,10 @@ class Collection(BaseCollection):
return return
for href in hrefs: for href in hrefs:
if not is_safe_filesystem_path_component(href):
self.logger.debug(
"Skipping component: %s", href)
continue
path = os.path.join(self._filesystem_path, href) path = os.path.join(self._filesystem_path, href)
if not href.endswith(".props") and os.path.isfile(path): if not href.endswith(".props") and os.path.isfile(path):
with open(path, encoding=self.storage_encoding) as fd: with open(path, encoding=self.storage_encoding) as fd:
@ -567,7 +576,7 @@ class Collection(BaseCollection):
cls.configuration.get("storage", "filesystem_folder")) cls.configuration.get("storage", "filesystem_folder"))
if not os.path.exists(folder): if not os.path.exists(folder):
os.makedirs(folder, exist_ok=True) os.makedirs(folder, exist_ok=True)
lock_path = os.path.join(folder, "Radicale.lock") lock_path = os.path.join(folder, ".Radicale.lock")
cls._lock_file = open(lock_path, "w+") cls._lock_file = open(lock_path, "w+")
# set access rights to a necessary minimum to prevent locking # set access rights to a necessary minimum to prevent locking
# by arbitrary users # by arbitrary users