Git-Mirrors/onionshare
1
0
Fork 0
mirror of https://github.com/onionshare/onionshare.git synced 2025-06-19 12:04:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

Added a function to remove HTML from file and directory names

Browse source
This commit is contained in:
Emmanuel Morales 2016-12-18 20:57:17 -08:00
parent 2794d41919
commit b95828973c
1 changed files with 17 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
onionshare/web.py
View file

@ -17,7 +17,7 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
""" """
import queue, mimetypes, platform, os, sys, socket, logging import queue, mimetypes, platform, os, sys, socket, logging, re
from urllib.request import urlopen from urllib.request import urlopen
from flask import Flask, Response, request, render_template_string, abort from flask import Flask, Response, request, render_template_string, abort
@ -30,6 +30,17 @@ file_info = []
zip_filename = None zip_filename = None
zip_filesize = None zip_filesize = None
def sanitize_html(basename):
"""
Takes a string, called basename, and removes any HTML that could be in the
string. If the resulting string is empty, return the string 'file', which
is not ideal, but better than embedded HTML that could run JS.
"""
html_regex = re.compile('<.*?>')
sanitized_name = re.sub(html_regex , '', basename)
if sanitized_name == '':
sanitized_name = 'file'
return sanitized_name
def set_file_info(filenames): def set_file_info(filenames):
""" """
@ -42,9 +53,11 @@ def set_file_info(filenames):
# build file info list # build file info list
file_info = {'files': [], 'dirs': []} file_info = {'files': [], 'dirs': []}
for filename in filenames: for filename in filenames:
# strips trailing '/' and sanitizes filename
basename = sanitize_html(os.path.basename(filename.rstrip('/')))
info = { info = {
'filename': filename, 'filename': filename,
'basename': os.path.basename(filename.rstrip('/')) 'basename': basename
} }
if os.path.isfile(filename): if os.path.isfile(filename):
info['size'] = os.path.getsize(filename) info['size'] = os.path.getsize(filename)
@ -54,6 +67,8 @@ def set_file_info(filenames):
info['size'] = helpers.dir_size(filename) info['size'] = helpers.dir_size(filename)
info['size_human'] = helpers.human_readable_filesize(info['size']) info['size_human'] = helpers.human_readable_filesize(info['size'])
file_info['dirs'].append(info) file_info['dirs'].append(info)
# sort list of files and directories by basename
file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename']) file_info['files'] = sorted(file_info['files'], key=lambda k: k['basename'])
file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename']) file_info['dirs'] = sorted(file_info['dirs'], key=lambda k: k['basename'])