Commit 6f56783b authored by Christophe Dumez's avatar Christophe Dumez

- Revert was broken since I added the security asked by Yoshinori. I fixed the...

- Revert was broken since I added the security asked by Yoshinori. I fixed the problem, it should work now.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@8313 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent fb22c7db
...@@ -879,10 +879,12 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -879,10 +879,12 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
added_files = [added_files] added_files = [added_files]
if not isinstance(other_files, list) : if not isinstance(other_files, list) :
other_files = [other_files] other_files = [other_files]
# Reinstall removed or modified files # Reinstall removed or modified files
for path in other_files : for path in other_files :
path_list = self._getWorkingPath(self.relativeToAbsolute(path, business_template)).split(os.sep) # security check
self._getWorkingPath(self.relativeToAbsolute(path, business_template))
path_list = path.split(os.sep)
if 'bt' not in path_list: if 'bt' not in path_list:
if len(path_list) > 2 : if len(path_list) > 2 :
tmp = os.sep.join(path_list[2:]) tmp = os.sep.join(path_list[2:])
...@@ -892,7 +894,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder): ...@@ -892,7 +894,9 @@ class SubversionTool(BaseTool, UniqueObject, Folder):
path_added_list = [] path_added_list = []
# remove added files # remove added files
for path in added_files : for path in added_files :
path_list = self._getWorkingPath(self.relativeToAbsolute(path, business_template)).split(os.sep) # security check
self._getWorkingPath(self.relativeToAbsolute(path, business_template))
path_list = path.split(os.sep)
if 'bt' not in path_list: if 'bt' not in path_list:
if len(path_list) > 2 : if len(path_list) > 2 :
tmp = os.sep.join(path_list[2:]) tmp = os.sep.join(path_list[2:])
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment