HTTP GM baseline viewer: server should serve files from gm/rebaseline_server dir
(SkipBuildbotRuns)

R=jcgregorio@google.com

Review URL: https://codereview.chromium.org/25774002

git-svn-id: http://skia.googlecode.com/svn/trunk@11583 2bbb7eff-a529-9590-31e7-b0007b416f81
diff --git a/gm/rebaseline_server/server.py b/gm/rebaseline_server/server.py
index 34c70f4..439d5da 100755
--- a/gm/rebaseline_server/server.py
+++ b/gm/rebaseline_server/server.py
@@ -27,8 +27,8 @@
 # that directory.
 # Make sure that the 'tools' dir is in the PYTHONPATH, but add it at the *end*
 # so any dirs that are already in the PYTHONPATH will be preferred.
-TRUNK_DIRECTORY = os.path.dirname(os.path.dirname(os.path.dirname(
-    os.path.realpath(__file__))))
+PARENT_DIRECTORY = os.path.dirname(os.path.realpath(__file__))
+TRUNK_DIRECTORY = os.path.dirname(os.path.dirname(PARENT_DIRECTORY))
 TOOLS_DIRECTORY = os.path.join(TRUNK_DIRECTORY, 'tools')
 if TOOLS_DIRECTORY not in sys.path:
   sys.path.append(TOOLS_DIRECTORY)
@@ -157,9 +157,18 @@
       self.send_error(404)
 
   def do_GET_static(self, path):
-    """ Handle a GET request for a file under the 'static' directory. """
+    """ Handle a GET request for a file under the 'static' directory.
+    Only allow serving of files within the 'static' directory that is a
+    filesystem sibling of this script. """
     print 'do_GET_static: sending file "%s"' % path
-    self.send_file(posixpath.join('static', path))
+    static_dir = os.path.realpath(os.path.join(PARENT_DIRECTORY, 'static'))
+    full_path = os.path.realpath(os.path.join(static_dir, path))
+    if full_path.startswith(static_dir):
+      self.send_file(full_path)
+    else:
+      print ('Attempted do_GET_static() of path [%s] outside of static dir [%s]'
+             % (full_path, static_dir))
+      self.send_error(404)
 
   def redirect_to(self, url):
     """ Redirect the HTTP client to a different url. """
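Review bot: The containment test at `if full_path.startswith(static_dir):` is a bare string-prefix check, so a resolved path that lands in a sibling directory whose name merely begins with `static` would also pass and be served. Anchor the comparison on a directory boundary, e.g. `if full_path.startswith(os.path.join(static_dir, '')):` (the empty trailing component appends the path separator), so only descendants of the static directory match. The `os.path.realpath()` calls already collapse `..` and symlinks, so with the separator added the check is sufficient and the `send_error(404)` branch covers everything else. The rejection message prints the raw rejected path to stdout; if it is meant as a log line, consider sending it through the same channel as the other server output so it is not lost.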