Commit 2fa6909a authored by Michael Murtaugh's avatar Michael Murtaugh

dangerous posting

parent c89e2080
Pipeline #235 canceled with stages
......@@ -117,29 +117,32 @@ async def route_post (request):
""" write posted text value to file """
path = urlunquote(urlparse(request.rel_url.raw_path.lstrip("/")).path)
print ("POST", path, file=sys.stderr)
if os.path.exists(path) and os.path.isfile(path):
data = await request.post()
resp = {}
# SAVE
if 'text' in data:
text = data['text']
# doing file io inline here is not strictly speaking very async ;)
with open(path, "w") as f:
f.write(text)
resp['text'] = 'ok'
# RENAME
if 'name' in data:
newpath = os.path.join(os.path.split(path)[0], data['name'])
if path != newpath:
os.rename(path, newpath)
resp['name'] = 'ok'
# DELETE
if 'delete' in data:
os.remove(path)
resp['delete'] = 'ok'
return web.Response(text=json.dumps(resp), content_type="application/json")
else:
raise web.HTTPMethodNotAllowed()
# if os.path.exists(path) and os.path.isfile(path):
# POST CAN CLOBBER ANY FILES THAT ARE WRITABLE BY THE USER !
# this is maybe a way too dangerous default ...
#
data = await request.post()
resp = {}
# SAVE
if 'text' in data:
text = data['text']
# doing file io inline here is not strictly speaking very async ;)
with open(path, "w") as f:
f.write(text)
resp['text'] = 'ok'
# RENAME
if 'name' in data:
newpath = os.path.join(os.path.split(path)[0], data['name'])
if path != newpath:
os.rename(path, newpath)
resp['name'] = 'ok'
# DELETE
if 'delete' in data:
os.remove(path)
resp['delete'] = 'ok'
return web.Response(text=json.dumps(resp), content_type="application/json")
# else:
# raise web.HTTPMethodNotAllowed()
# return web.Response(text="post not allowed on {0}".format(path))
active_sockets = []
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment