Replaced flask.Response by flask.make_response to simplify the

implementation and because make_response is preferred over Response
as it respects the server-defined Response type.
evandrocoan 2020-07-02 20:38:27 -03:00
parent a99e455414
commit 476b881987


@ -96,10 +96,9 @@ def allroutes(pathin):
try: try:
isdir = os.path.isdir(os.path.join(directory, path)) isdir = os.path.isdir(os.path.join(directory, path))
except ValueError: except ValueError:
return flask.Response( return flask.make_response(
"Path for '%s - %s' is too long!" % (directory, path), "Path for '%s - %s' is too long!" % (directory, path),
status=HTTPStatus.BAD_REQUEST, HTTPStatus.BAD_REQUEST,
mimetype="text/plain",
) )
directory = os.path.realpath(directory) directory = os.path.realpath(directory)
@ -108,17 +107,15 @@ def allroutes(pathin):
# protect against directory transversal: https://security.openstack.org/guidelines/dg_using-file-paths.html # protect against directory transversal: https://security.openstack.org/guidelines/dg_using-file-paths.html
if not fullpath.startswith(directory): if not fullpath.startswith(directory):
return flask.Response( return flask.make_response(
"Path for '%s - %s' is a security leak!" % (directory, path), "Path for '%s - %s' is a security leak!" % (directory, path),
status=HTTPStatus.FORBIDDEN, HTTPStatus.FORBIDDEN,
mimetype="text/plain",
) )
if isdir: if isdir:
return flask.Response( return flask.make_response(
"Path for '%s - %s' is a directory (not supported)!" % (directory, path), "Path for '%s - %s' is a directory (not supported)!" % (directory, path),
status=HTTPStatus.FORBIDDEN, HTTPStatus.FORBIDDEN,
mimetype="text/plain",
) )
if devMode: if devMode:
@ -132,10 +129,9 @@ def allroutes(pathin):
elif path == "i18nResources": elif path == "i18nResources":
data = allroutes.mw.col.backend.i18n_resources() data = allroutes.mw.col.backend.i18n_resources()
else: else:
return flask.Response( return flask.make_response(
"Post request to '%s - %s' is a security leak!" % (directory, path), "Post request to '%s - %s' is a security leak!" % (directory, path),
status=HTTPStatus.FORBIDDEN, HTTPStatus.FORBIDDEN,
mimetype="text/plain",
) )
response = flask.make_response(data) response = flask.make_response(data)
@ -154,10 +150,9 @@ def allroutes(pathin):
# swallow it - user likely surfed away from # swallow it - user likely surfed away from
# review screen before an image had finished # review screen before an image had finished
# downloading # downloading
return flask.Response( return flask.make_response(
"For path '%s - %s' %s!" % (directory, path, error), "For path '%s - %s' %s!" % (directory, path, error),
status=HTTPStatus.INTERNAL_SERVER_ERROR, HTTPStatus.INTERNAL_SERVER_ERROR,
mimetype="text/plain",
) )
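Review bot: Dropping `mimetype="text/plain"` changes the Content-Type of these error responses at all five call sites (the ValueError branch, the two FORBIDDEN checks, the POST fallback and the exception handler), because `flask.make_response` given a string and a status falls back to the response class's default mimetype, which is `text/html` in stock Flask. The bodies interpolate `directory`, `path` and `error` unescaped, and `path` appears to come from the request (`allroutes(pathin)`; the assignment is outside the hunks), so a browser would now parse request-influenced text as HTML where it previously rendered it as plain text. Keep the plain-text type by passing headers as the third argument, e.g. `flask.make_response(msg, HTTPStatus.FORBIDDEN, {"Content-Type": "text/plain; charset=utf-8"})`, or escape the interpolated values before formatting. Separately, in the second hunk `fullpath.startswith(directory)` also accepts a sibling directory that merely shares the prefix; comparing against `directory + os.sep` or using `os.path.commonpath` would tighten the containment check.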