[Erp5-report] r9771 - /erp5/trunk/products/ERP5Subversion/Tool/SubversionTool.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Fri Sep 8 16:52:10 CEST 2006
Author: alex
Date: Fri Sep 8 16:52:07 2006
New Revision: 9771
URL: http://svn.erp5.org?rev=9771&view=rev
Log:
Allow to remove files that were created in the tmp directory
Modified:
erp5/trunk/products/ERP5Subversion/Tool/SubversionTool.py
Modified: erp5/trunk/products/ERP5Subversion/Tool/SubversionTool.py
URL: http://svn.erp5.org/erp5/trunk/products/ERP5Subversion/Tool/SubversionTool.py?rev=9771&r1=9770&r2=9771&view=diff
==============================================================================
--- erp5/trunk/products/ERP5Subversion/Tool/SubversionTool.py (original)
+++ erp5/trunk/products/ERP5Subversion/Tool/SubversionTool.py Fri Sep 8 16:52:07 2006
@@ -39,7 +39,7 @@
from DateTime import DateTime
from cPickle import dumps, loads
from App.config import getConfiguration
-from tempfile import mktemp
+from tempfile import gettempdir, mktemp
from Products.CMFCore.utils import getToolByName
from Products.ERP5.Document.BusinessTemplate import removeAll
from xml.sax.saxutils import escape
@@ -733,7 +733,8 @@
def _getWorkingPath(self, path):
""" Check if the given path is reachable (allowed)
"""
- if not path.startswith(self.top_working_path):
+ if not path.startswith(self.top_working_path) and \
+ not path.startswith(gettempdir()):
raise UnauthorizedAccessToPath, 'Unauthorized access to path %s. It is NOT in your Zope home instance.' % path
return path
More information about the Erp5-report
mailing list