haiwen/seahub
1
0
Fork 0
mirror of https://github.com/haiwen/seahub.git synced 2025-09-08 10:22:46 +00:00
Code Issues Releases Wiki Activity

Fixed bug in cp/move and file/dir path

Browse Source
This commit is contained in:
zhengxie
2012-12-25 15:05:12 +08:00
parent 0ec2900bc4
commit 3b3f1231bb
7 changed files with 39 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
base/context_processors.py
View File

@@ -7,7 +7,7 @@ These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by
RequestContext. RequestContext.
""" """
from settings import SEAFILE_VERSION, SITE_TITLE, SITE_NAME, SITE_BASE, \ from settings import SEAFILE_VERSION, SITE_TITLE, SITE_NAME, SITE_BASE, \
ENABLE_SIGNUP ENABLE_SIGNUP, MAX_FILE_NAME
try: try:
from settings import BUSINESS_MODE from settings import BUSINESS_MODE
except ImportError: except ImportError:
@@ -36,5 +36,6 @@ def base(request):
'base_template': base_template, 'base_template': base_template,
'site_name': SITE_NAME, 'site_name': SITE_NAME,
'enable_signup': ENABLE_SIGNUP, 'enable_signup': ENABLE_SIGNUP,
'max_file_name': MAX_FILE_NAME,
} }

11
forms.py
View File

@@ -52,9 +52,10 @@ class RepoCreateForm(forms.Form):
""" """
Form for creating repo and org repo. Form for creating repo and org repo.
""" """
repo_name = forms.CharField(max_length=50, error_messages={ repo_name = forms.CharField(max_length=settings.MAX_FILE_NAME,
error_messages={
'required': _(u'Name can\'t be empty'), 'required': _(u'Name can\'t be empty'),
'max_length': _(u'Name is too long (maximum is 50 characters)') 'max_length': _(u'Name is too long (maximum is 255 characters)')
}) })
repo_desc = forms.CharField(max_length=100, error_messages={ repo_desc = forms.CharField(max_length=100, error_messages={
'required': _(u'Description can\'t be empty'), 'required': _(u'Description can\'t be empty'),
@@ -112,7 +113,7 @@ class RepoNewFileForm(forms.Form):
""" """
repo_id = forms.CharField(error_messages={'required': _('Repo id is required')}) repo_id = forms.CharField(error_messages={'required': _('Repo id is required')})
parent_dir = forms.CharField(error_messages={'required': _('Parent dir is required')}) parent_dir = forms.CharField(error_messages={'required': _('Parent dir is required')})
new_file_name = forms.CharField(max_length=settings.MAX_UPLOAD_FILE_NAME_LEN, new_file_name = forms.CharField(max_length=settings.MAX_FILE_NAME,
error_messages={ error_messages={
'max_length': _('File name is too long'), 'max_length': _('File name is too long'),
'required': _('File name can\'t be empty'), 'required': _('File name can\'t be empty'),
@@ -136,7 +137,7 @@ class RepoRenameFileForm(forms.Form):
repo_id = forms.CharField(error_messages={'required': _("Repo id is required")}) repo_id = forms.CharField(error_messages={'required': _("Repo id is required")})
parent_dir = forms.CharField(error_messages={'required': _("Parent dir is required")}) parent_dir = forms.CharField(error_messages={'required': _("Parent dir is required")})
oldname = forms.CharField(error_messages={'required': _("Oldname is required")}) oldname = forms.CharField(error_messages={'required': _("Oldname is required")})
newname = forms.CharField(max_length=settings.MAX_UPLOAD_FILE_NAME_LEN, newname = forms.CharField(max_length=settings.MAX_FILE_NAME,
error_messages={ error_messages={
'max_length': _('File name is too long'), 'max_length': _('File name is too long'),
'required': _('File name can\'t be empty'), 'required': _('File name can\'t be empty'),
@@ -159,7 +160,7 @@ class RepoNewDirForm(forms.Form):
""" """
repo_id = forms.CharField(error_messages={'required': _("Repo id is required")}) repo_id = forms.CharField(error_messages={'required': _("Repo id is required")})
parent_dir = forms.CharField(error_messages={'required': _("Parent dir is required")}) parent_dir = forms.CharField(error_messages={'required': _("Parent dir is required")})
new_dir_name = forms.CharField(max_length=settings.MAX_UPLOAD_FILE_NAME_LEN, new_dir_name = forms.CharField(max_length=settings.MAX_FILE_NAME,
error_messages={ error_messages={
'max_length': _('Directory name is too long'), 'max_length': _('Directory name is too long'),
'required': _('Directory name can\'t be empty'), 'required': _('Directory name can\'t be empty'),

8
settings.py
View File

@@ -164,14 +164,14 @@ CACHES = {
} }
MAX_UPLOAD_FILE_SIZE = 100 * 1024 * 1024 # 100 MB MAX_UPLOAD_FILE_SIZE = 100 * 1024 * 1024 # 100 MB
MAX_UPLOAD_FILE_NAME_LEN = 256 MAX_UPLOAD_FILE_NAME_LEN = 255
MAX_FILE_NAME = MAX_UPLOAD_FILE_NAME_LEN
MAX_PATH = 4096
# Set to True when user will be activaed after registration, # Set to True when user will be activaed after registration,
# and no email sending # and no email sending
ACTIVATE_AFTER_REGISTRATION = True ACTIVATE_AFTER_REGISTRATION = True
# In order to use email sending, `ACTIVATE_AFTER_REGISTRATION` must set to False
# In order to use email sending,
# ACTIVATE_AFTER_REGISTRATION MUST set to False
REGISTRATION_SEND_MAIL = False REGISTRATION_SEND_MAIL = False
# Seafile httpserver address and port # Seafile httpserver address and port

6
templates/repo.html
View File

@@ -225,7 +225,7 @@
<label>{% trans "Directory Name" %}</label> <label>{% trans "Directory Name" %}</label>
<input type="hidden" name="repo_id" value="{{ repo.id }}" /> <input type="hidden" name="repo_id" value="{{ repo.id }}" />
<input type="hidden" name="parent_dir" value="{{ path }}" /> <input type="hidden" name="parent_dir" value="{{ path }}" />
<input type="text" name="new_dir_name" value="" class="long-input" /><br /> <input type="text" name="new_dir_name" value="" class="long-input" maxlength="{{max_file_name}}"/><br />
<p class="error hide"></p> <p class="error hide"></p>
<input type="submit" value="{% trans "Submit" %}" class="submit" /> <input type="submit" value="{% trans "Submit" %}" class="submit" />
<button class="simplemodal-close">{% trans "Cancel" %}</button> <button class="simplemodal-close">{% trans "Cancel" %}</button>
@@ -241,7 +241,7 @@
<label>{% trans "File Name" %}</label> <label>{% trans "File Name" %}</label>
<input type="hidden" name="repo_id" value="{{ repo.id }}" /> <input type="hidden" name="repo_id" value="{{ repo.id }}" />
<input type="hidden" name="parent_dir" value="{{ path }}" /> <input type="hidden" name="parent_dir" value="{{ path }}" />
<input type="text" name="new_file_name" value="" class="long-input" /> <input type="text" name="new_file_name" value="" class="long-input" maxlength="{{max_file_name}}"/>
<p class="error hide"></p> <p class="error hide"></p>
<input type="submit" value="{% trans "Submit"%}" class="submit" /> <input type="submit" value="{% trans "Submit"%}" class="submit" />
<button class="simplemodal-close">{% trans "Cancel"%}</button> <button class="simplemodal-close">{% trans "Cancel"%}</button>
@@ -274,7 +274,7 @@
<input type="hidden" name="repo_id" value="{{ repo.id }}" /> <input type="hidden" name="repo_id" value="{{ repo.id }}" />
<input type="hidden" name="parent_dir" value="{{ path }}" /> <input type="hidden" name="parent_dir" value="{{ path }}" />
<input type="hidden" name="oldname" value="" /> <input type="hidden" name="oldname" value="" />
<input type="text" name="newname" value="" class="long-input" /><br /> <input type="text" name="newname" value="" class="long-input" maxlength="{{max_file_name}}"/><br />
<p class="error hide"></p> <p class="error hide"></p>
<input type="submit" value="{% trans "Submit"%}" class="submit" /> <input type="submit" value="{% trans "Submit"%}" class="submit" />
<button class="simplemodal-close">{% trans "Cancel"%}</button> <button class="simplemodal-close">{% trans "Cancel"%}</button>

2
templates/snippets/repo_create_form.html
View File

@@ -2,7 +2,7 @@
<form id="repo-create-form" action="" method="post" class="hide"> <form id="repo-create-form" action="" method="post" class="hide">
<h3>{% trans "New Library"%}</h3> <h3>{% trans "New Library"%}</h3>
<label>{% trans "Name"%}</label><br/> <label>{% trans "Name"%}</label><br/>
<input id="repo-name" type="text" name="repo_name" value="" /><br /> <input id="repo-name" type="text" name="repo_name" value="" maxlength="{{max_file_name}}"/><br />
<label>{% trans "Description"%}</label><br/> <label>{% trans "Description"%}</label><br/>
<textarea id="repo-desc" name="repo_desc"></textarea> <textarea id="repo-desc" name="repo_desc"></textarea>
{% if create_shared_repo %} {% if create_shared_repo %}

15
utils.py
View File

@@ -20,7 +20,7 @@ from seaserv import seafserv_rpc, ccnet_threaded_rpc, seafserv_threaded_rpc, \
CCNET_SERVER_PORT, get_org_id_by_repo_id, get_org_by_id, is_org_staff, \ CCNET_SERVER_PORT, get_org_id_by_repo_id, get_org_by_id, is_org_staff, \
get_org_id_by_group, list_personal_shared_repos, get_org_group_repos,\ get_org_id_by_group, list_personal_shared_repos, get_org_group_repos,\
get_personal_groups_by_user, list_personal_repos_by_owner, get_group_repos, \ get_personal_groups_by_user, list_personal_repos_by_owner, get_group_repos, \
list_org_repos_by_owner, get_org_groups_by_user list_org_repos_by_owner, get_org_groups_by_user, check_permission
try: try:
from settings import DOCUMENT_CONVERTOR_ROOT from settings import DOCUMENT_CONVERTOR_ROOT
except ImportError: except ImportError:
@@ -236,7 +236,7 @@ def get_accessible_repos(request, repo):
return False return False
accessible_repos = [] accessible_repos = []
for r in owned_repos + groups_repos: for r in owned_repos:
if not has_repo(accessible_repos, r) and not r.encrypted: if not has_repo(accessible_repos, r) and not r.encrypted:
r.has_subdir = check_has_subdir(r) r.has_subdir = check_has_subdir(r)
accessible_repos.append(r) accessible_repos.append(r)
@@ -249,8 +249,15 @@ def get_accessible_repos(request, repo):
r.desc = r.repo_desc r.desc = r.repo_desc
if not has_repo(accessible_repos, r) and not r.encrypted: if not has_repo(accessible_repos, r) and not r.encrypted:
r.has_subdir = check_has_subdir(r) if check_permission(r.id, request.user.username) == 'rw':
accessible_repos.append(r) r.has_subdir = check_has_subdir(r)
accessible_repos.append(r)
for r in groups_repos:
if not has_repo(accessiable_repos, r) and not r.encrypted :
if check_permission(r.id, request.user.username) == 'rw':
r.has_subdir = check_has_subdir(r)
accessible_repos.append(r)
return accessible_repos return accessible_repos

13
views.py
View File

@@ -1668,6 +1668,18 @@ def file_move(request):
and dst_path and obj_name and obj_type and op): and dst_path and obj_name and obj_type and op):
return render_error(request) return render_error(request)
# check file path
if len(dst_path+obj_name) > settings.MAX_PATH:
messages.error(request, _('Destination path is too long.'))
url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8')))
return HttpResponseRedirect(url)
# check whether user has write permission to dest repo
if check_permission(dst_repo_id, request.user.username) != 'rw':
messages.error(request, _('You can not modify that library.'))
url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8')))
return HttpResponseRedirect(url)
# do nothing when dst is the same as src # do nothing when dst is the same as src
if src_repo_id == dst_repo_id and src_path == dst_path: if src_repo_id == dst_repo_id and src_path == dst_path:
url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8'))) url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8')))
@@ -1681,7 +1693,6 @@ def file_move(request):
% {'op': _(u"copy") if op == 'cp' else _(u"move"), % {'op': _(u"copy") if op == 'cp' else _(u"move"),
'src': src_dir, 'src': src_dir,
'des': dst_path} 'des': dst_path}
#return render_error(request, error_msg)
messages.add_message(request, messages.ERROR, error_msg) messages.add_message(request, messages.ERROR, error_msg)
url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8'))) url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8')))
return HttpResponseRedirect(url) return HttpResponseRedirect(url)