DisplayDict: évite les imports arbitraires
parent
546cba760f
commit
c8cdf3170e
1 changed files with 17 additions and 0 deletions
|
@ -12,12 +12,29 @@ import sys
|
|||
import os.path
|
||||
import importlib
|
||||
|
||||
SECURE_PATHS = ['/usr/scripts']
|
||||
|
||||
def macro_DisplayDict(macro, args):
|
||||
"""Suppose que args est de la forme ``path:variable_name``"""
|
||||
# Si on utilise une virgule, MoinMoin foire lamentablement… ("Too many arguments")
|
||||
fichier, variable = args.split(":")
|
||||
# On importe le fichier demandé
|
||||
path = os.path.dirname(fichier)
|
||||
path = os.path.realpath(path)
|
||||
|
||||
def is_subdir(sec_path):
|
||||
"""Renvoie ``True`` si path est bien un sous-dossier de ``sec_path``"""
|
||||
if not path.startswith(sec_path):
|
||||
return False
|
||||
if len(path) == len(sec_path):
|
||||
return True
|
||||
# Si path est strictement plus long, alors on doit s'assure qu'on a
|
||||
# bien un slash après notre préfixe ``sec_path``
|
||||
return path[len(sec_path)] == os.path.sep
|
||||
|
||||
if not any( is_subdir(sec_path) for sec_path in SECURE_PATHS ):
|
||||
return """[[DisplayDict: forbidden]]"""
|
||||
|
||||
if not path in sys.path:
|
||||
sys.path.append(path)
|
||||
|
||||
|
|
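Review bot: The allowlist check in `macro_DisplayDict` canonicalises only the directory (`os.path.realpath` is applied to `os.path.dirname(fichier)`), so a file under `/usr/scripts` that is itself a symlink to somewhere outside `SECURE_PATHS` would still pass `is_subdir`; resolving the whole path first, `fichier = os.path.realpath(fichier)` followed by `path = os.path.dirname(fichier)`, closes that gap. The `sys.path.append(path)` at the end of the hunk puts the directory last and leaves it there for the life of the process, so the import that follows (outside this hunk, presumably by module name) may resolve to a same-named module found earlier on `sys.path` instead of the file that was checked. Importing also runs the module's top-level code, so a comment next to `SECURE_PATHS` should state that everything below those directories must be safe to import and to display from a wiki page. The function body continues past the end of the hunk.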