import os
import tempfile
from os.path import abspath, dirname, join, normcase, sep
from django.core.exceptions import SuspiciousFileOperation
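def safe_join(base, *paths):
    """
    Join one or more path components to the base path component intelligently.
    Return a normalized, absolute version of the final path.

    Raise SuspiciousFileOperation if the final path isn't located inside of
    the base path component.

    The containment check is purely lexical: abspath() collapses ".." and
    redundant separators but does not resolve symbolic links, so a symlink
    below the base that points elsewhere is not detected by this function.
    """
    final_path = abspath(join(base, *paths))
    base_path = abspath(base)
    # Compare case-normalized forms so that the check does not
    # false-negative on case insensitive operating systems like Windows.
    norm_final = normcase(final_path)
    norm_base = normcase(base_path)
    # The joined path is accepted when one of the following holds:
    #  a) It starts with the base path followed by the path separator (the
    #     separator prevents conditions like safe_join("/dir", "/../d")).
    #  b) It is the same as the base path.
    #  c) The base path is the most root path (meaning either "/" or "C:\\").
    inside_base = norm_final.startswith(normcase(base_path + sep))
    is_base = norm_final == norm_base
    base_is_root = dirname(norm_base) == norm_base
    if not (inside_base or is_base or base_is_root):
        raise SuspiciousFileOperation(
            'The joined path ({}) is located outside of the base path '
            'component ({})'.format(final_path, base_path))
    return final_path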
def symlinks_supported():
    """
    Return whether creating symlinks is supported on the host platform
    and/or whether they are allowed to be created (e.g. on Windows it
    requires admin permissions).

    The answer comes from a probe: a symlink to a freshly created directory
    is attempted inside a temporary directory that is removed afterwards.
    """
    with tempfile.TemporaryDirectory() as scratch_dir:
        target = os.path.join(scratch_dir, 'original')
        link = os.path.join(scratch_dir, 'symlink')
        os.makedirs(target)
        try:
            os.symlink(target, link)
        except (OSError, NotImplementedError):
            # Either the platform has no symlink support or this process is
            # not permitted to create one.
            return False
        return True