thirdparty/google_appengine/lib/django/django/core/servers/basehttp.py
changeset 2864 2e0b0af889be
parent 109 620f9b141567
--- a/thirdparty/google_appengine/lib/django/django/core/servers/basehttp.py	Sat Sep 05 14:04:24 2009 +0200
+++ b/thirdparty/google_appengine/lib/django/django/core/servers/basehttp.py	Sun Sep 06 23:31:53 2009 +0200
@@ -11,6 +11,8 @@
 from types import ListType, StringType
 import os, re, sys, time, urllib
 
+from django.utils._os import safe_join
+
 __version__ = "0.1"
 __all__ = ['WSGIServer','WSGIRequestHandler','demo_app']
 
@@ -599,11 +601,25 @@
         self.application = application
         if not media_dir:
             import django
-            self.media_dir = django.__path__[0] + '/contrib/admin/media'
+            self.media_dir = \
+                os.path.join(django.__path__[0], 'contrib', 'admin', 'media')
         else:
             self.media_dir = media_dir
         self.media_url = settings.ADMIN_MEDIA_PREFIX
 
+    def file_path(self, url):
+        """
+        Returns the path to the media file on disk for the given URL.
+
+        The passed URL is assumed to begin with ADMIN_MEDIA_PREFIX.  If the
+        resultant file path is outside the media directory, then a ValueError
+        is raised.
+        """
+        # Remove ADMIN_MEDIA_PREFIX.
+        relative_url = url[len(self.media_url):]
+        relative_path = urllib.url2pathname(relative_url)
+        return safe_join(self.media_dir, relative_path)
+
     def __call__(self, environ, start_response):
         import os.path
 
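Review bot: `file_path` slices `len(self.media_url)` characters off `url` without checking that the URL really starts with that prefix. The docstring only states the assumption, so any caller that skips the prefix test presumably done in `__call__` would map an arbitrary suffix into the media directory. A guard such as `if not url.startswith(self.media_url): raise ValueError('URL is outside ADMIN_MEDIA_PREFIX')` keeps the documented ValueError contract and makes the method safe on its own. Containment rests entirely on `safe_join`, which this diff does not show; if its check is a lexical comparison of normalised paths, a symlink inside the media directory is still followed, which deserves a sentence in the docstring. `__call__` starts in this hunk and continues beyond it.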
@@ -614,19 +630,25 @@
             return self.application(environ, start_response)
 
         # Find the admin file and serve it up, if it exists and is readable.
-        relative_url = environ['PATH_INFO'][len(self.media_url):]
-        file_path = os.path.join(self.media_dir, relative_url)
+        try:
+            file_path = self.file_path(environ['PATH_INFO'])
+        except ValueError: # Resulting file path was not valid.
+            status = '404 NOT FOUND'
+            headers = {'Content-type': 'text/plain'}
+            output = ['Page not found: %s' % environ['PATH_INFO']]
+            start_response(status, headers.items())
+            return output
         if not os.path.exists(file_path):
             status = '404 NOT FOUND'
             headers = {'Content-type': 'text/plain'}
-            output = ['Page not found: %s' % file_path]
+            output = ['Page not found: %s' % environ['PATH_INFO']]
         else:
             try:
                 fp = open(file_path, 'rb')
             except IOError:
                 status = '401 UNAUTHORIZED'
                 headers = {'Content-type': 'text/plain'}
-                output = ['Permission denied: %s' % file_path]
+                output = ['Permission denied: %s' % environ['PATH_INFO']]
             else:
                 status = '200 OK'
                 headers = {}
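Review bot: A request that resolves to a directory still passes `os.path.exists(file_path)` and then fails in `open()`, which is reported as `401 UNAUTHORIZED` with "Permission denied". This presumably includes the media root itself when PATH_INFO equals the prefix. Testing `if not os.path.isfile(file_path):` instead would send the 404 for directories and other non-regular files. The new `except ValueError` branch also repeats the 404 status, headers and body that are built a few lines below it. Assuming the code after this hunk sends the response, setting `file_path = None` in the handler and testing `if file_path is None or not os.path.isfile(file_path):` would leave a single 404 path; `__call__` begins before and continues after this hunk.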