Your ROOT_URL in app.ini is https://source.parasitstudio.de:63000/ but you are visiting https://source.parasitstudio.de/wirtz/scriptform/commit/0c1d2134582c16118bba478ce47445d98e506651?style=split&whitespace=show-all You should set ROOT_URL correctly, otherwise the web may not work correctly.
wirtz
/
scriptform
mirror of https://github.com/fboender/scriptform.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Raise HTTPErrors instead of sending errors directly to the client.

Browse Source
pull/7/head
Ferry Boender 10 years ago
parent 6d7cdf744c
commit 0c1d213458
1 changed files with 5 additions and 15 deletions
  1. 20
      src/webapp.py

20
src/webapp.py
Unescape View File

@ -371,9 +371,7 @@ class ScriptFormWebApp(WebAppHandler):
form_def = form_config.get_form_def(form_name) form_def = form_config.get_form_def(form_name)
if form_def.allowed_users is not None and \ if form_def.allowed_users is not None and \
self.username not in form_def.allowed_users: self.username not in form_def.allowed_users:
# FIXME: Raise HTTPError instead? raise HTTPError(403, "You're not authorized to view this form")
self.send_error(401, "You're not authorized to view this form")
return
html_errors = u'' html_errors = u''
if errors: if errors:
@ -412,9 +410,7 @@ class ScriptFormWebApp(WebAppHandler):
form_def = form_config.get_form_def(form_name) form_def = form_config.get_form_def(form_name)
if form_def.allowed_users is not None and \ if form_def.allowed_users is not None and \
self.username not in form_def.allowed_users: self.username not in form_def.allowed_users:
# FIXME: Raise HTTPError instead? raise HTTPError(403, "You're not authorized to view this form")
self.send_error(401, "You're not authorized to view this form")
return
# Convert FieldStorage to a simple dict, because we're not allowd to # Convert FieldStorage to a simple dict, because we're not allowd to
# add items to it. For normal fields, the form field name becomes the # add items to it. For normal fields, the form field name becomes the
@ -506,20 +502,14 @@ class ScriptFormWebApp(WebAppHandler):
form_config = self.scriptform.get_form_config() form_config = self.scriptform.get_form_config()
if not form_config.static_dir: if not form_config.static_dir:
# FIXME: Raise Error raise HTTPError(501, "Static file serving not enabled")
self.send_error(501, "Static file serving not enabled")
return
if '..' in fname: if '..' in fname:
# FIXME: Raise Error raise HTTPError(403, "Invalid file name")
self.send_error(403, "Invalid file name")
return
path = os.path.join(form_config.static_dir, fname) path = os.path.join(form_config.static_dir, fname)
if not os.path.exists(path): if not os.path.exists(path):
# FIXME: Raise Error raise HTTPError(404, "Not found")
self.send_error(404, "Not found")
return
f = file(path, 'r') f = file(path, 'r')
self.send_response(200) self.send_response(200)

Write Preview
Loading…
Cancel
Save