Allow to remove files that were created in the tmp directory

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@9771 20353a03-c40f-0410-a6d1-a30d3c3de9de

Allow to remove files that were created in the tmp directory
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@9771 20353a03-c40f-0410-a6d1-a30d3c3de9de
c0f07076 · Alexandre Boeglin · 1966e168 · c0f07076
Commit c0f07076 authored Sep 08, 2006 by Alexandre Boeglin
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

product/ERP5Subversion/Tool/SubversionTool.py product/ERP5Subversion/Tool/SubversionTool.py +3 -2

No files found.
--- a/product/ERP5Subversion/Tool/SubversionTool.py
+++ b/product/ERP5Subversion/Tool/SubversionTool.py
@@ -39,7 +39,7 @@ import os, re
 from DateTime import DateTime
 from cPickle import dumps, loads
 from App.config import getConfiguration
-from tempfile import mktemp
+from tempfile import gettempdir, mktemp
 from Products.CMFCore.utils import getToolByName
 from Products.ERP5.Document.BusinessTemplate import removeAll
 from xml.sax.saxutils import escape
@@ -733,7 +733,8 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
  def _getWorkingPath(self, path):
    """ Check if the given path is reachable (allowed)
    """
-    if not path.startswith(self.top_working_path):
+    if not path.startswith(self.top_working_path) and \
+        not path.startswith(gettempdir()):
      raise UnauthorizedAccessToPath, 'Unauthorized access to path %s. It is NOT in your Zope home instance.' % path
    return path