Context Navigation

Ticket #2923: 2923.patch

File 2923.patch, 713 bytes (added by justin.driscoll@…, 17 years ago)
Strip forward slash from "field_data" in "isWithinMediaRoot".

         # If the raw path is passed in, validate it's under the MEDIA_ROOT.
         def isWithinMediaRoot(field_data, all_data):
             f = os.path.abspath(os.path.join(settings.MEDIA_ROOT, field_data))
+            f = os.path.abspath(os.path.join(settings.MEDIA_ROOT, field_data.strip('/')))
             if not f.startswith(os.path.abspath(os.path.normpath(settings.MEDIA_ROOT))):
                 raise validators.ValidationError, _("Enter a valid filename.")
         field_list[1].validator_list.append(isWithinMediaRoot)