# HG changeset patch
# User Atul Varma
# Date 1275540194 25200
# Node ID 4b66cf5f42bf690aeda40de39e2b5c774579da14
# Parent 026d83327522b3d0b985f83d76a91ddbd9ec67d7
file: uri no longer supported by default
diff -r 026d83327522 -r 4b66cf5f42bf bzezpatch/app.py
--- a/bzezpatch/app.py Wed Jun 02 21:34:40 2010 -0700
+++ b/bzezpatch/app.py Wed Jun 02 21:43:14 2010 -0700
@@ -2,6 +2,7 @@
 import os
 import json
 import tempfile
+import urlparse
 import traceback
 import bzezpatch.hg
@@ -9,8 +10,12 @@
 class App(object):
 JSON_TYPE = 'application/json'
- def __init__(self, **kwargs):
- self.__dict__.update(kwargs)
+ DEFAULT_ALLOW_SCHEMES = ('http', 'https')
+
+ def __init__(self, root_dir, hg, allow_schemes=DEFAULT_ALLOW_SCHEMES):
+ self.root_dir = root_dir
+ self.hg = hg
+ self.allow_schemes = allow_schemes
 self.static_files_dir = os.path.join(self.root_dir, 'static-files')
 def __call__(self, environ, start_response):
@@ -45,8 +50,8 @@
 try:
 info = json.loads(input)
 url = info['url']
- # TODO: If the remote connection isn't from localhost,
- # and the url scheme is not http: or https:, raise an error.
+ if urlparse.urlparse(url).scheme not in self.allow_schemes:
+ return error_bad_request()
 except Exception:
 return error_bad_request()
diff -r 026d83327522 -r 4b66cf5f42bf dev_server.py
--- a/dev_server.py Wed Jun 02 21:34:40 2010 -0700
+++ b/dev_server.py Wed Jun 02 21:43:14 2010 -0700
@@ -9,7 +9,8 @@
 repopath = os.path.expanduser('~/Documents/jetpack-sdk')
 hg = bzezpatch.hg.Hg(hg='hg', canonical_repo=repopath)
 app = bzezpatch.app.App(root_dir=os.getcwd(),
- hg=hg)
+ hg=hg,
+ allow_schemes=('http', 'https', 'file'))
 httpd = make_server('127.0.0.1', 8000, app)
 print "serving on port 8000"
 httpd.serve_forever()
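Review bot: In the `@@ -9,8 +10,12 @@` hunk of bzezpatch/app.py, `__init__` stores `allow_schemes` exactly as given, so a caller who passes a bare string (for example `('http')`, which is a str and not a tuple) turns the later `scheme not in self.allow_schemes` test into a substring match, and the empty scheme of a scheme-less URL would then be accepted. Normalising at construction closes that: `if isinstance(allow_schemes, basestring): allow_schemes = (allow_schemes,)` followed by `self.allow_schemes = frozenset(allow_schemes)`. A short docstring on `__init__` stating that `allow_schemes` is the allow-list of URL schemes accepted from request bodies would also help, since this argument is now the security-relevant setting. The class body continues outside the hunk.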
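Review bot: In the `@@ -45,8 +50,8 @@` hunk of bzezpatch/app.py, the new check restricts only the scheme; the host part of an accepted `http`/`https` URL is not examined, so URLs that point at loopback or other internal addresses still pass and are handed to whatever fetches them (that code is outside the hunk, so this is inferred). The removed TODO also mentioned treating non-localhost clients differently, which the new code replaces with a static allow-list; a comment would make that explicit, e.g. `# Scheme allow-list only: the host is not validated and the client address is not considered.` A rejected scheme currently gets the same bad-request response as malformed JSON and leaves no trace, so writing the rejected scheme to the application log before `return error_bad_request()` would make repeated attempts visible. The enclosing function starts and ends outside the hunk.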
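Review bot: The `allow_schemes=('http', 'https', 'file')` argument added in dev_server.py re-enables exactly the scheme this commit turns off by default, and nothing at the call site says it is meant for development only. The server binds to 127.0.0.1, which limits it to local clients, but any of those can then supply `file:` URLs that resolve against the developer's filesystem. I would add a comment above the call, `# 'file' is allowed for local development only; do not copy this into a deployed configuration.`, so the setting is not carried over by accident.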