From d5dc5dd60e3bbff904a67dd02b4aff9226389942 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Thu, 8 Sep 2011 00:25:03 -0400 Subject: add tests for high-order chars in path elements and filenames --- CHANGES.txt | 6 ++++++ pyramid/tests/fixtures/static/.hiddenfile | 2 ++ .../tests/fixtures/static/h\303\251h\303\251.html" | 1 + .../fixtures/static/h\303\251h\303\251/index.html" | 1 + pyramid/tests/test_integration.py | 21 ++++++++++++++++++++- 5 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 pyramid/tests/fixtures/static/.hiddenfile create mode 100644 "pyramid/tests/fixtures/static/h\303\251h\303\251.html" create mode 100644 "pyramid/tests/fixtures/static/h\303\251h\303\251/index.html" diff --git a/CHANGES.txt b/CHANGES.txt index d2af41876..fda27592f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -8,6 +8,12 @@ Bug Fixes translations (``de``) would not work properly when using a localizer. See https://github.com/Pylons/pyramid/issues/263 +- The static file serving machinery could not serve files that started with a + ``.`` (dot) character (hidden files). + +- The static file serving machinery inappropriately URL-quoted path segments + in filenames when asking for files from the filesystem. + Documentation ------------- diff --git a/pyramid/tests/fixtures/static/.hiddenfile b/pyramid/tests/fixtures/static/.hiddenfile new file mode 100644 index 000000000..86d345000 --- /dev/null +++ b/pyramid/tests/fixtures/static/.hiddenfile @@ -0,0 +1,2 @@ +I'm hidden + diff --git "a/pyramid/tests/fixtures/static/h\303\251h\303\251.html" "b/pyramid/tests/fixtures/static/h\303\251h\303\251.html" new file mode 100644 index 000000000..fe5e9af50 --- /dev/null +++ "b/pyramid/tests/fixtures/static/h\303\251h\303\251.html" @@ -0,0 +1 @@ +hehe file diff --git "a/pyramid/tests/fixtures/static/h\303\251h\303\251/index.html" "b/pyramid/tests/fixtures/static/h\303\251h\303\251/index.html" new file mode 100644 index 000000000..67623d866 --- /dev/null +++ "b/pyramid/tests/fixtures/static/h\303\251h\303\251/index.html" @@ -0,0 +1 @@ +hehe diff --git a/pyramid/tests/test_integration.py b/pyramid/tests/test_integration.py index 3e2a6e452..42199ef29 100644 --- a/pyramid/tests/test_integration.py +++ b/pyramid/tests/test_integration.py @@ -70,6 +70,23 @@ class TestStaticAppBase(IntegrationBase): res = self.testapp.get('/minimal.pt', status=200) self._assertBody(res.body, os.path.join(here, 'fixtures/minimal.pt')) + def test_hidden(self): + res = self.testapp.get('/static/.hiddenfile', status=200) + self._assertBody(res.body, os.path.join(here, + 'fixtures/static/.hiddenfile')) + + def test_highchars_in_pathelement(self): + res = self.testapp.get('/static/h\xc3\xa9h\xc3\xa9/index.html', + status=200) + self._assertBody(res.body, os.path.join( + here, 'fixtures/static/h\xc3\xa9h\xc3\xa9/index.html')) + + def test_highchars_in_filename(self): + res = self.testapp.get('/static/h\xc3\xa9h\xc3\xa9.html', + status=200) + self._assertBody(res.body, os.path.join( + here, 'fixtures/static/h\xc3\xa9h\xc3\xa9.html')) + def test_not_modified(self): self.testapp.extra_environ = { 'HTTP_IF_MODIFIED_SINCE':httpdate(pow(2, 32)-1)} @@ -136,7 +153,9 @@ class TestStaticAppBase(IntegrationBase): def test_oob_slash(self): self.testapp.get('/%2F/test_integration.py', status=404) - # XXX pdb this + + def test_oob_dotdotslash_encoded(self): + self.testapp.get('/static/%2E%2E%2F/test_integration.py', status=404) class TestStaticAppUsingAbsPath(TestStaticAppBase, unittest.TestCase): package = 'pyramid.tests.pkgs.static_abspath' -- cgit v1.2.3