durusmail: quixote-users: What's needed to get filesystem-mapping module into Quixote 0.6?
What's needed to get filesystem-mapping module into Quixote 0.6?
Andrew Kuchling
2003-03-06
On Thu, Mar 06, 2003 at 08:43:01AM -0700, Jonathan Corbet wrote:
>Just looking at the patch, I see that the StaticFilesFolder class puts in
>an entry for "..", but I don't see how you could follow it without getting
>a TraversalError.

The TraversalError is in case someone evil tries an HTTP operation
like GET /static/../etc/passwd.  Most browsers will clean up such a
URL by deleting '/static/../', so you'd probably have to write a script
to issue such an HTTP request.

>I also question the wisdom of caching file contents; the
>operating system already does that, and you'll just be taking up memory to
>duplicate that cache.  That can be turned off, at least.

Good point.  There's a case to be made for caching in StaticDirectory
because that requires a directory scan, but caching in StaticFile is
likely not worthwhile.  I'll rip it out.

--amk
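
The guard described in the message above, as an added example (not Quixote's code and not the patch under discussion): a resolver that refuses `..` components and confirms the resolved file stays under the static root. `resolve_static`, the local `TraversalError` class and the request paths in `demo` are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


class TraversalError(Exception):
    """Local stand-in for the error named in the message (not Quixote's class)."""


def resolve_static(root, url_path):
    """Hypothetical helper: map a URL path onto a file under root, or raise."""
    root = os.path.realpath(root)
    parts = []
    for raw in url_path.split("/"):
        part = unquote(raw)          # decode %2e%2e before checking it
        if part in ("", "."):
            continue                 # empty segments and "." are no-ops
        if part == ".." or "/" in part or "\\" in part or "\x00" in part:
            raise TraversalError("refused path component: %r" % part)
        parts.append(part)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # realpath follows symlinks, so a link pointing out of root is caught here.
    if os.path.commonpath([root, candidate]) != root:
        raise TraversalError("path escapes static root: %r" % url_path)
    return candidate


def demo():
    """Run the resolver over constructed request paths; return the outcomes."""
    paths = ("css/site.css", "css/./site.css",
             "../etc/passwd", "css/%2e%2e/%2e%2e/x")
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "static")
        os.makedirs(os.path.join(root, "css"))
        with open(os.path.join(root, "css", "site.css"), "w") as f:
            f.write("body {}\n")
        results = {}
        for path in paths:
            try:
                resolve_static(root, path)
                results[path] = "served"
            except TraversalError:
                results[path] = "refused"
        return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(outcome, path)
```

The check runs on the server side for every request, so it does not depend on the client having cleaned up the URL first.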

