From 6bbd0c2736cc8ecb14f8c1d98059bd19fa24362e Mon Sep 17 00:00:00 2001 From: mdipierro Date: Sun, 29 Jul 2012 13:57:01 -0500 Subject: [PATCH] router patch, thanks Jonathan --- VERSION | 2 +- gluon/rewrite.py | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/VERSION b/VERSION index 4c35a529..b4485c6d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -Version 2.00.0 (2012-07-29 10:43:31) dev +Version 2.00.0 (2012-07-29 13:56:56) dev diff --git a/gluon/rewrite.py b/gluon/rewrite.py index abf94764..72454520 100644 --- a/gluon/rewrite.py +++ b/gluon/rewrite.py @@ -47,7 +47,7 @@ def _router_default(): exclusive_domain = False, map_hyphen = False, acfe_match = r'\w+$', # legal app/ctlr/fcn/ext - file_match = r'(\w+[-=./]?)+$', # legal file (path) name + file_match = r'([-+=@$%\w]+[./]?)+$', # legal static file (path) name args_match = r'([\w@ -]+[=.]?)*$', # legal arg in args ) return router @@ -900,6 +900,7 @@ class MapUrlIn(object): self.map_hyphen = self.router.map_hyphen self.exclusive_domain = self.router.exclusive_domain self._acfe_match = self.router._acfe_match + self.file_match = self.router.file_match self._file_match = self.router._file_match self._args_match = self.router._args_match @@ -954,7 +955,17 @@ class MapUrlIn(object): if self.controller != 'static': return None file = '/'.join(self.args) - if not self.router._file_match.match(file): + if len(self.args) == 0: + bad_static = True # require a file name + elif '/' in self.file_match: + # match the path + bad_static = not self.router._file_match.match(file) + else: + # match path elements + bad_static = False + for name in self.args: + bad_static = bad_static or name in ('', '.', '..') or not self.router._file_match.match(name) + if bad_static: raise HTTP(400, thread.routes.error_message % 'invalid request', web2py_error='invalid static file') #