Commit b97f07b1 authored by Christophe Dumez's avatar Christophe Dumez

- Added security checks (asked by Yoshinori). Now svn working copies MUST be...

- Added security checks (asked by Yoshinori). Now svn working copies MUST be located in zope instance home.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@7296 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 7f3408f1
...@@ -415,6 +415,8 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -415,6 +415,8 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
login_cookie_name = 'erp5_subversion_login' login_cookie_name = 'erp5_subversion_login'
ssl_trust_cookie_name = 'erp5_subversion_ssl_trust' ssl_trust_cookie_name = 'erp5_subversion_ssl_trust'
top_working_path = getConfiguration().instancehome
# Declarative Security # Declarative Security
security = ClassSecurityInfo() security = ClassSecurityInfo()
...@@ -623,6 +625,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -623,6 +625,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
raise SubversionPreferencesError, 'Please set at least one Subversion Working Copy in preferences first.' raise SubversionPreferencesError, 'Please set at least one Subversion Working Copy in preferences first.'
bt_name = bt.getTitle() bt_name = bt.getTitle()
for wc in wc_list: for wc in wc_list:
wc = self._getWorkingPath(wc)
if not os.path.exists(os.path.join(wc, '.svn')): if not os.path.exists(os.path.join(wc, '.svn')):
raise SubversionNotAWorkingCopyError, "You must check out working copies in this directory: "+wc+" or choose another path in portal preferences." raise SubversionNotAWorkingCopyError, "You must check out working copies in this directory: "+wc+" or choose another path in portal preferences."
if bt_name in os.listdir(wc) : if bt_name in os.listdir(wc) :
...@@ -634,11 +637,22 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -634,11 +637,22 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
return os.sep.join(wc_path.split(os.sep)[:-1]) return os.sep.join(wc_path.split(os.sep)[:-1])
raise SubversionUnknownBusinessTemplateError, "Could not find '"+bt_name+"' at first level of working copies." raise SubversionUnknownBusinessTemplateError, "Could not find '"+bt_name+"' at first level of working copies."
def getTopWorkingPath(self):
return self.top_working_path
def _getWorkingPath(self, path):
#if path[0] != '/':
# path = os.path.join(self.top_working_path, path)
#path = os.path.abspath(path)
if not path.startswith(self.top_working_path):
raise Unauthorized, 'unauthorized access to path %s' % path
return path
security.declareProtected('Import/Export objects', 'update') security.declareProtected('Import/Export objects', 'update')
def update(self, bt): def update(self, bt):
"""Update a working copy. """Update a working copy.
""" """
path = self.getSubversionPath(bt) path = self._getWorkingPath(self.getSubversionPath(bt))
client = self._getClient() client = self._getClient()
# Revert local changes in working copy first to import a "pure" BT after update # Revert local changes in working copy first to import a "pure" BT after update
self.revert(path=path, recurse=True) self.revert(path=path, recurse=True)
...@@ -651,7 +665,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -651,7 +665,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
def switch(self, bt, url): def switch(self, bt, url):
"""switch SVN repository for a working copy. """switch SVN repository for a working copy.
""" """
path = self.getSubversionPath(bt) path = self._getWorkingPath(self.getSubversionPath(bt))
client = self._getClient() client = self._getClient()
if url[-1] == '/' : if url[-1] == '/' :
url = url[:-1] url = url[:-1]
...@@ -665,9 +679,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -665,9 +679,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
""" """
if bt is not None: if bt is not None:
if isinstance(path, list) : if isinstance(path, list) :
path = [self.relativeToAbsolute(x, bt) for x in path] path = [self._getWorkingPath(self.relativeToAbsolute(x, bt)) for x in path]
else: else:
path = self.relativeToAbsolute(path, bt) path = self._getWorkingPath(self.relativeToAbsolute(path, bt))
client = self._getClient() client = self._getClient()
return client.add(path) return client.add(path)
...@@ -675,7 +689,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -675,7 +689,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
def info(self, bt): def info(self, bt):
"""return info of working copy """return info of working copy
""" """
working_copy = self.getSubversionPath(bt) working_copy = self._getWorkingPath(self.getSubversionPath(bt))
client = self._getClient() client = self._getClient()
return client.info(working_copy) return client.info(working_copy)
...@@ -685,13 +699,13 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -685,13 +699,13 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""return log of a file or dir """return log of a file or dir
""" """
client = self._getClient() client = self._getClient()
return client.log(self.relativeToAbsolute(path, bt)) return client.log(self._getWorkingPath(self.relativeToAbsolute(path, bt)))
security.declareProtected('Import/Export objects', 'cleanup') security.declareProtected('Import/Export objects', 'cleanup')
def cleanup(self, bt): def cleanup(self, bt):
"""remove svn locks in working copy """remove svn locks in working copy
""" """
working_copy = self.getSubversionPath(bt) working_copy = self._getWorkingPath(self.getSubversionPath(bt))
client = self._getClient() client = self._getClient()
return client.cleanup(working_copy) return client.cleanup(working_copy)
...@@ -702,9 +716,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -702,9 +716,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
""" """
if bt is not None: if bt is not None:
if isinstance(path, list) : if isinstance(path, list) :
path = [self.relativeToAbsolute(x, bt) for x in path] path = [self._getWorkingPath(self.relativeToAbsolute(x, bt)) for x in path]
else: else:
path = self.relativeToAbsolute(path, bt) path = self._getWorkingPath(self.relativeToAbsolute(path, bt))
client = self._getClient() client = self._getClient()
return client.remove(path) return client.remove(path)
...@@ -713,7 +727,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -713,7 +727,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Move/Rename a file or a directory. """Move/Rename a file or a directory.
""" """
client = self._getClient() client = self._getClient()
return client.move(src, dest) return client.move(self._getWorkingPath(src), self._getWorkingPath(dest))
security.declareProtected('Import/Export objects', 'ls') security.declareProtected('Import/Export objects', 'ls')
# path can be relative or absolute # path can be relative or absolute
...@@ -721,7 +735,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -721,7 +735,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Display infos about a file. """Display infos about a file.
""" """
client = self._getClient() client = self._getClient()
return client.ls(self.relativeToAbsolute(path, bt)) return client.ls(self._getWorkingPath(self.relativeToAbsolute(path, bt)))
security.declareProtected('Import/Export objects', 'diff') security.declareProtected('Import/Export objects', 'diff')
# path can be relative or absolute # path can be relative or absolute
...@@ -729,7 +743,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -729,7 +743,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Make a diff for a file or a directory. """Make a diff for a file or a directory.
""" """
client = self._getClient() client = self._getClient()
return client.diff(self.relativeToAbsolute(path, bt), revision1, revision2) return client.diff(self._getWorkingPath(self.relativeToAbsolute(path, bt)), revision1, revision2)
security.declareProtected('Import/Export objects', 'revert') security.declareProtected('Import/Export objects', 'revert')
# path can be absolute or relative # path can be absolute or relative
...@@ -738,9 +752,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -738,9 +752,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
""" """
client = self._getClient() client = self._getClient()
if not isinstance(path, list) : if not isinstance(path, list) :
path = [path] path = [self._getWorkingPath(self.relativeToAbsolute(path))]
if bt is not None: if bt is not None:
path = [self.relativeToAbsolute(x, bt) for x in path] path = [self._getWorkingPath(self.relativeToAbsolute(x, bt)) for x in path]
client.revert(path, recurse) client.revert(path, recurse)
security.declareProtected('Import/Export objects', 'revertZODB') security.declareProtected('Import/Export objects', 'revertZODB')
...@@ -763,7 +777,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -763,7 +777,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
# Reinstall removed or modified files # Reinstall removed or modified files
for p in other_files : for p in other_files :
path_list = p.split(os.sep) path_list = self._getWorkingPath(p).split(os.sep)
if 'bt' not in path_list: if 'bt' not in path_list:
if len(path_list) > 2 : if len(path_list) > 2 :
tmp = os.sep.join(path_list[2:]) tmp = os.sep.join(path_list[2:])
...@@ -773,7 +787,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -773,7 +787,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
path_added_list = [] path_added_list = []
# remove added files # remove added files
for p in added_files : for p in added_files :
path_list = p.split(os.sep) path_list = self._getWorkingPath(p).split(os.sep)
if 'bt' not in path_list: if 'bt' not in path_list:
if len(path_list) > 2 : if len(path_list) > 2 :
tmp = os.sep.join(path_list[2:]) tmp = os.sep.join(path_list[2:])
...@@ -809,9 +823,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -809,9 +823,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
""" """
client = self._getClient() client = self._getClient()
if isinstance(path, list) : if isinstance(path, list) :
path = [self.relativeToAbsolute(x, bt) for x in path] path = [self._getWorkingPath(self.relativeToAbsolute(x, bt)) for x in path]
else: else:
path = self.relativeToAbsolute(path, bt) path = self._getWorkingPath(self.relativeToAbsolute(path, bt))
return client.resolved(path) return client.resolved(path)
def relativeToAbsolute(self, path, bt) : def relativeToAbsolute(self, path, bt) :
...@@ -830,9 +844,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -830,9 +844,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Commit local changes. """Commit local changes.
""" """
if isinstance(path, list) : if isinstance(path, list) :
path = [self.relativeToAbsolute(x, bt) for x in path] path = [self._getWorkingPath(self.relativeToAbsolute(x, bt)) for x in path]
else: else:
path = self.relativeToAbsolute(path, bt) path = self._getWorkingPath(self.relativeToAbsolute(path, bt))
client = self._getClient() client = self._getClient()
return client.checkin(path, log_message, recurse) return client.checkin(path, log_message, recurse)
...@@ -841,14 +855,14 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -841,14 +855,14 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Get status. """Get status.
""" """
client = self._getClient() client = self._getClient()
return client.status(path, **kw) return client.status(self._getWorkingPath(path), **kw)
security.declareProtected('Import/Export objects', 'unversionedFiles') security.declareProtected('Import/Export objects', 'unversionedFiles')
def unversionedFiles(self, path, **kw): def unversionedFiles(self, path, **kw):
"""Return unversioned files """Return unversioned files
""" """
client = self._getClient() client = self._getClient()
status_list = client.status(path, **kw) status_list = client.status(self._getWorkingPath(path), **kw)
unversioned_list = [] unversioned_list = []
for statusObj in status_list: for statusObj in status_list:
if str(statusObj.getTextStatus()) == "unversioned": if str(statusObj.getTextStatus()) == "unversioned":
...@@ -862,7 +876,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -862,7 +876,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Return unversioned files """Return unversioned files
""" """
client = self._getClient() client = self._getClient()
status_list = client.status(path, **kw) status_list = client.status(self._getWorkingPath(path), **kw)
conflicted_list = [] conflicted_list = []
for statusObj in status_list: for statusObj in status_list:
if str(statusObj.getTextStatus()) == "conflicted": if str(statusObj.getTextStatus()) == "conflicted":
...@@ -876,11 +890,11 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -876,11 +890,11 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
"""Remove all files and folders in list """Remove all files and folders in list
""" """
for file in list: for file in list:
removeAll(file) removeAll(self._getWorkingPath(file))
def getModifiedTree(self, bt, show_unmodified=False) : def getModifiedTree(self, bt, show_unmodified=False) :
# Remove trailing slash if it's present # Remove trailing slash if it's present
path = self.getSubversionPath(bt) path = self._getWorkingPath(self.getSubversionPath(bt))
root = Dir(path, "normal") root = Dir(path, "normal")
somethingModified = False somethingModified = False
...@@ -921,7 +935,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -921,7 +935,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
def extractBT(self, bt): def extractBT(self, bt):
bt.build() bt.build()
svn_path = self.getSubversionPath(bt) + os.sep svn_path = self._getWorkingPath(self.getSubversionPath(bt) + os.sep)
path = mktemp() + os.sep path = mktemp() + os.sep
bt.export(path=path, local=1) bt.export(path=path, local=1)
# svn del deleted files # svn del deleted files
...@@ -933,7 +947,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -933,7 +947,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
self.activate().removeAllInList([path,]) self.activate().removeAllInList([path,])
def importBT(self, bt): def importBT(self, bt):
return bt.download(self.getSubversionPath(bt)) return bt.download(self._getWorkingPath(self.getSubversionPath(bt)))
# Get a list of files and keep only parents # Get a list of files and keep only parents
# Necessary before recursively commit removals # Necessary before recursively commit removals
...@@ -1024,7 +1038,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -1024,7 +1038,7 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
self.add([os.path.join(old_dir, x[1]) for x in list]) self.add([os.path.join(old_dir, x[1]) for x in list])
def treeToXML(self, item, bt) : def treeToXML(self, item, bt) :
working_copy = self.getSubversionPath(bt, False) + os.sep working_copy = self._getWorkingPath(self.getSubversionPath(bt, False) + os.sep)
output = "<?xml version='1.0' encoding='iso-8859-1'?>"+ os.linesep output = "<?xml version='1.0' encoding='iso-8859-1'?>"+ os.linesep
output += "<tree id='0'>" + os.linesep output += "<tree id='0'>" + os.linesep
output = self._treeToXML(item, working_copy, output, 1, True) output = self._treeToXML(item, working_copy, output, 1, True)
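Review bot: The containment test in `_getWorkingPath` is a bare string-prefix match on an un-normalised path, so it does not confine paths to the instance home. With the `os.path.abspath` lines commented out, a path that starts with `top_working_path` and then contains `..` segments passes the check. So does a sibling directory whose name merely begins with the same characters, and symlinks inside the instance home are never resolved. Resolve both sides with `os.path.realpath` and compare on a separator boundary, as in the fence below; it still returns the caller's original string, so the trailing `os.sep` in `extractBT`/`treeToXML` and the `path_list[2:]` indexing in the -763 hunk are unaffected. Separately, the new line in `revert` calls `self.relativeToAbsolute(path)` with one argument while the definition visible in this diff is `relativeToAbsolute(self, path, bt)`, which looks like a TypeError for every non-list path, including the call from `update`; `revert`'s signature is outside the hunk, so please confirm.

```python
  def _getWorkingPath(self, path):
    # Compare resolved paths so '..' segments and symlinks cannot step outside.
    top = os.path.realpath(self.top_working_path)
    real = os.path.realpath(path)
    # Require an exact match or a separator boundary, not a bare string prefix.
    if real != top and not real.startswith(top + os.sep):
      raise Unauthorized, 'unauthorized access to path %s' % path
    return path
```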