|
|
|
@ -371,9 +371,7 @@ class ScriptFormWebApp(WebAppHandler): |
|
|
|
|
form_def = form_config.get_form_def(form_name) |
|
|
|
|
if form_def.allowed_users is not None and \ |
|
|
|
|
self.username not in form_def.allowed_users: |
|
|
|
|
# FIXME: Raise HTTPError instead? |
|
|
|
|
self.send_error(401, "You're not authorized to view this form") |
|
|
|
|
return |
|
|
|
|
raise HTTPError(403, "You're not authorized to view this form") |
|
|
|
|
|
|
|
|
|
html_errors = u'' |
|
|
|
|
if errors: |
|
|
|
@ -412,9 +410,7 @@ class ScriptFormWebApp(WebAppHandler): |
|
|
|
|
form_def = form_config.get_form_def(form_name) |
|
|
|
|
if form_def.allowed_users is not None and \ |
|
|
|
|
self.username not in form_def.allowed_users: |
|
|
|
|
# FIXME: Raise HTTPError instead? |
|
|
|
|
self.send_error(401, "You're not authorized to view this form") |
|
|
|
|
return |
|
|
|
|
raise HTTPError(403, "You're not authorized to view this form") |
|
|
|
|
|
|
|
|
|
# Convert FieldStorage to a simple dict, because we're not allowd to |
|
|
|
|
# add items to it. For normal fields, the form field name becomes the |
|
|
|
@ -506,20 +502,14 @@ class ScriptFormWebApp(WebAppHandler): |
|
|
|
|
form_config = self.scriptform.get_form_config() |
|
|
|
|
|
|
|
|
|
if not form_config.static_dir: |
|
|
|
|
# FIXME: Raise Error |
|
|
|
|
self.send_error(501, "Static file serving not enabled") |
|
|
|
|
return |
|
|
|
|
raise HTTPError(501, "Static file serving not enabled") |
|
|
|
|
|
|
|
|
|
if '..' in fname: |
|
|
|
|
# FIXME: Raise Error |
|
|
|
|
self.send_error(403, "Invalid file name") |
|
|
|
|
return |
|
|
|
|
raise HTTPError(403, "Invalid file name") |
|
|
|
|
|
|
|
|
|
path = os.path.join(form_config.static_dir, fname) |
|
|
|
|
if not os.path.exists(path): |
|
|
|
|
# FIXME: Raise Error |
|
|
|
|
self.send_error(404, "Not found") |
|
|
|
|
return |
|
|
|
|
raise HTTPError(404, "Not found") |
|
|
|
|
|
|
|
|
|
f = file(path, 'r') |
|
|
|
|
self.send_response(200) |
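Review bot: The `'..' in fname` test in front of `raise HTTPError(403, "Invalid file name")` is the only containment check on the static path, and it does not cover an absolute `fname`, because `os.path.join(form_config.static_dir, fname)` discards `static_dir` when the second argument is absolute. Whether `fname` can arrive with a leading separator depends on how it is parsed above this hunk, which is not visible here. Checking the resolved path is sturdier and also covers symlinks inside the static directory: `root = os.path.realpath(form_config.static_dir)`, `path = os.path.realpath(os.path.join(root, fname))`, `if not path.startswith(root + os.sep): raise HTTPError(403, "Invalid file name")`. `os.path.exists(path)` is also true for a directory, so `os.path.isfile(path)` would fit the 404 check better. The handler's body starts and ends outside the hunk.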
|
|
|
|