Description
Currently a package is shown to unzip to no superuser users.
Steps to reproduce
Example
Component selection
- general
Details
MoinMoin Version |
this wiki |
OS and Version |
|
Python Version |
|
Server Setup |
|
Server Details |
|
Language you are using the wiki in (set in the browser/UserPreferences) |
|
Workaround
1 diff -r b81376013df9 MoinMoin/action/AttachFile.py
2 --- a/MoinMoin/action/AttachFile.py Sat Jan 26 19:18:41 2008 +0100
3 +++ b/MoinMoin/action/AttachFile.py Mon Jan 28 10:32:52 2008 +0100
4 @@ -361,11 +361,11 @@ def _build_filelist(request, pagename, s
5 viewlink = '<a href="%(baseurl)s/%(urlpagename)s?action=%(action)s&drawing=%(base)s">%(label_edit)s</a>' % parmdict
6 else:
7 viewlink = '<a href="%(baseurl)s/%(urlpagename)s?action=%(action)s&do=view&target=%(urlfile)s">%(label_view)s</a>' % parmdict
8 -
9 - if (packages.ZipPackage(request, os.path.join(attach_dir, file).encode(config.charset)).isPackage() and
10 - request.user.isSuperUser() and request.user.may.write(pagename)):
11 +
12 + is_package = packages.ZipPackage(request, os.path.join(attach_dir, file).encode(config.charset)).isPackage()
13 + if is_package and request.user.isSuperUser() and request.user.may.write(pagename):
14 viewlink += ' | <a href="%(baseurl)s/%(urlpagename)s?action=%(action)s&do=install&target=%(urlfile)s">%(label_install)s</a>' % parmdict
15 - elif (zipfile.is_zipfile(os.path.join(attach_dir, file).encode(config.charset)) and
16 + elif (zipfile.is_zipfile(os.path.join(attach_dir, file).encode(config.charset)) and not is_package and
17 mt.minor == 'zip' and request.user.may.read(pagename) and request.user.may.delete(pagename)
18 and request.user.may.write(pagename)):
19 viewlink += ' | <a href="%(baseurl)s/%(urlpagename)s?action=%(action)s&do=unzip&target=%(urlfile)s">%(label_unzip)s</a>' % parmdict
Discussion
We have to check how much time it costs for checking of a zip file being a package file.
Plan
- Priority:
- Assigned to:
- Status: 1.7 3023:4ec124c124c9 and 1.6 2528:f35fd499c560 (slightly modified)