changeset 4:4b66cf5f42bf

file: uri no longer supported by default
author Atul Varma <avarma@mozilla.com>
date Wed, 02 Jun 2010 21:43:14 -0700
parents 026d83327522
children 14d152040c1d
files bzezpatch/app.py dev_server.py
diffstat 2 files changed, 11 insertions(+), 5 deletions(-) [+]
--- a/bzezpatch/app.py	Wed Jun 02 21:34:40 2010 -0700
+++ b/bzezpatch/app.py	Wed Jun 02 21:43:14 2010 -0700
@@ -2,6 +2,7 @@
 import os
 import json
 import tempfile
+import urlparse
 import traceback
 
 import bzezpatch.hg
@@ -9,8 +10,12 @@
 class App(object):
     JSON_TYPE = 'application/json'
 
-    def __init__(self, **kwargs):
-        self.__dict__.update(kwargs)
+    DEFAULT_ALLOW_SCHEMES = ('http', 'https')
+
+    def __init__(self, root_dir, hg, allow_schemes=DEFAULT_ALLOW_SCHEMES):
+        self.root_dir = root_dir
+        self.hg = hg
+        self.allow_schemes = allow_schemes
         self.static_files_dir = os.path.join(self.root_dir, 'static-files')
 
     def __call__(self, environ, start_response):
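Review bot: `allow_schemes` is stored as given in `__init__`, so a caller who passes a bare string instead of a tuple silently weakens the later `not in self.allow_schemes` test. With `allow_schemes='https'` the membership test becomes a substring match, and the empty scheme of a bare local path satisfies `'' in 'https'`. I would reject strings up front, e.g. `if isinstance(allow_schemes, basestring): raise TypeError('allow_schemes must be a sequence of scheme names')`, and store `frozenset(allow_schemes)`. A short docstring on `__init__` stating that `allow_schemes` is the complete allow-list of URL schemes accepted from requests would also help the next reader.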
@@ -45,8 +50,8 @@
             try:
                 info = json.loads(input)
                 url = info['url']
-                # TODO: If the remote connection isn't from localhost,
-                # and the url scheme is not http: or https:, raise an error.
+                if urlparse.urlparse(url).scheme not in self.allow_schemes:
+                    return error_bad_request()
             except Exception:
                 return error_bad_request()
 
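Review bot: The check `urlparse.urlparse(url).scheme not in self.allow_schemes` constrains only the scheme, so an accepted `http`/`https` URL can still name loopback, link-local or other internal hosts. The code that consumes `url` lies outside this hunk, but if the server fetches it on the client's behalf, the host should be validated as well, ideally against an allow-list of the expected patch sources. It would also help to log the rejected scheme before `return error_bad_request()`, so that refused `file:` or other unexpected schemes show up in the server log. A comment above the check such as `# Allow-list, not deny-list: anything without an explicitly permitted scheme (including bare paths) is refused.` would record the intent the removed TODO used to carry.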
--- a/dev_server.py	Wed Jun 02 21:34:40 2010 -0700
+++ b/dev_server.py	Wed Jun 02 21:43:14 2010 -0700
@@ -9,7 +9,8 @@
     repopath = os.path.expanduser('~/Documents/jetpack-sdk')
     hg = bzezpatch.hg.Hg(hg='hg', canonical_repo=repopath)
     app = bzezpatch.app.App(root_dir=os.getcwd(),
-                            hg=hg)
+                            hg=hg,
+                            allow_schemes=('http', 'https', 'file'))
     httpd = make_server('127.0.0.1', 8000, app)
     print "serving on port 8000"
     httpd.serve_forever()
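Review bot: Re-enabling `file` here has no comment explaining that it is a development-only relaxation, so it could easily be copied into a real deployment script. Binding to `127.0.0.1` limits who can connect, but any local process that can reach port 8000 can still submit a `file:` URL. I would add a comment above the `App(...)` call, e.g. `# 'file' is allowed for local testing only; deployed configs should keep App.DEFAULT_ALLOW_SCHEMES.`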