Patch to prevent serving .smug files


Intchanter / Daniel Fackrell

Jul 6, 2010, 7:46:52 AM
to smug-dev
I'm just getting started using Smug, but I noticed in reading the
documentation that the configuration is stored in the same tree as the
content being served. Testing on a couple of Smug-based sites and my
own development system, I was able to verify that this means that
requests for .smug files are happily served to anyone who asks.

This doesn't appear to be deliberate behavior, so here's a patch that
produces a 404 on these requests instead (and hopefully the formatting
will be preserved by Google Groups):

-- START protect_dot_smug.patch --
From 06f5220db5ccf289cde4524bd2c569fd406162c2 Mon Sep 17 00:00:00 2001
From: Intchanter <unle...@gmail.com>
Date: Sat, 15 May 2010 17:22:07 -0600
Subject: [PATCH] Prevent displaying the internal .smug file

---
smug/views/page.py | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/smug/views/page.py b/smug/views/page.py
index c6ccc78..ac70f63 100644
--- a/smug/views/page.py
+++ b/smug/views/page.py
@@ -18,7 +18,7 @@

DEFAULT_BRANCH = 'master'

-from django.http import HttpResponseBadRequest
+from django.http import HttpResponseBadRequest, Http404
from smug import config
from smug.pathops.edit import edit
from smug.pathops.raw import raw
@@ -35,6 +35,10 @@ def page(request, page=None, repo=None, **kwds):
error = 'URLs must not contain double slashes ("//").'
return HttpResponseBadRequest(error)

+ # Prevent displaying the internal .smug file.
+ if page == '.smug' or page.endswith('/.smug'):
+ raise Http404
+
branch = request.GET.get('branch', DEFAULT_BRANCH)
pathop = None
for name, func in PATHOPS.iteritems():
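
Review bot: `page.endswith('/.smug')` in the added check raises AttributeError if `page` is still None at this point, which the `page=None` default in the function signature allows; write it as `if page and (page == '.smug' or page.endswith('/.smug')):` unless the code above the double-slash check already rules None out. The test also runs on the raw `page` string before the `PATHOPS` loop below selects a path operation, so confirm that requests handled by the operations imported at the top of the file (`edit`, `raw`) cannot reach the same file with a `page` value that does not literally end in `/.smug`; doing the check on the resolved path once the path operation is known would cover every operation in one place.
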
--
1.5.5.1
-- END protect_dot_smug.patch --

James Carroll

Jul 6, 2010, 11:20:03 AM
to smug...@googlegroups.com
Except that if you are logged in, it is nice to let the .smug files be served, especially if you want to edit them online. Perhaps an extra if in there, to determine if you are logged on?

James


--
"And very early in the morning
the first day of the week,
they came unto the sepulchre
at the rising of the sun..." (Mark 16:2)

Web: http://james.jlcarroll.net

Andrew McNabb

Jul 19, 2010, 10:48:06 AM
to smug...@googlegroups.com
I like the patch and also James' idea about checking whether you're
logged in. I think the patch might also need to be updated to make sure
that it works for any sort of access; for example, I don't think it
checks for edits right now. But other than a few details, I think this
is great.


--
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868
