I have an initial view which works as a folder browser for a URL:

(r'^f/(?P<path>.*?)/$', 'drcsm.views.list_rcs')
####################
from os import listdir
from os.path import isdir, normpath

from django.conf import settings
from django.shortcuts import render_to_response


def list_rcs(request, path):
    path = '/' + path
    # workdir prevents ../ cheats but... no cheating
    if path.find('..') != -1 or path.find('./') != -1:
        raise Exception('No cheating')
    workdir = settings.RCS_ROOT + normpath(path)
    if isdir(workdir):
        content = listdir(workdir)
        files = []
        dirs = []
        # from dive into python :)
        # print [f for f in listdir(workdir) if isfile(join(workdir, f))]
        # print [f for f in listdir(workdir) if isdir(join(workdir, f))]
        for c in content:
            if not c.startswith('.'):
                if isdir(workdir + '/' + c):
                    dirs.append(c)
                else:
                    files.append(c)
        return render_to_response(
            'drcsm/' + settings.ENGINE + '/list.html',
            {'files': files, 'dirs': dirs, 'path': path,
             'theme': settings.THEME, 'engine': settings.ENGINE})
    else:
        return render_to_response(
            'drcsm/' + settings.ENGINE + '/error.html',
            {'error': 'Zly Katalog', 'theme': settings.THEME,
             'engine': settings.ENGINE})
################################

Can this be improved, or does it have any security holes?
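
An added example, not part of the original post: the substring test in the view above rejects a harmless name such as `a..b`, lets a request for `.git` through (only the listing loop skips dot entries), and never looks at symlinks. The sketch below checks each path component and then confirms containment after symlink resolution; `BadPath`, `resolve_under_root`, `list_dir` and the sample tree are hypothetical names constructed for illustration, with `root` standing in for `settings.RCS_ROOT`.

```python
import os
import tempfile


class BadPath(Exception):
    """Requested path escapes the root, is hidden, or is not a directory."""


def resolve_under_root(root, url_path):
    """Map the URL-captured path onto root; raise BadPath if it escapes."""
    parts = [p for p in url_path.split('/') if p]
    # Check per component: '.', '..' and dot-directories are refused,
    # while an ordinary name containing dots ('a..b') stays legal.
    if any(p.startswith('.') for p in parts):
        raise BadPath(url_path)
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, *parts))
    # realpath() follows symlinks, so a link pointing outside root fails here.
    if os.path.commonpath([root, target]) != root:
        raise BadPath(url_path)
    return target


def list_dir(root, url_path):
    """Return (dirs, files) under root/url_path, hidden entries skipped."""
    workdir = resolve_under_root(root, url_path)
    if not os.path.isdir(workdir):
        raise BadPath(url_path)
    dirs, files = [], []
    for name in sorted(os.listdir(workdir)):
        if name.startswith('.'):
            continue
        full = os.path.join(workdir, name)
        (dirs if os.path.isdir(full) else files).append(name)
    return dirs, files


def build_sample_tree():
    """Constructed sample: rcs/{proj/a..b.txt, .git/config, link -> ../outside}."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, 'rcs')
    os.makedirs(os.path.join(root, 'proj'))
    os.makedirs(os.path.join(root, '.git'))
    os.makedirs(os.path.join(base, 'outside'))
    open(os.path.join(root, 'proj', 'a..b.txt'), 'w').close()
    open(os.path.join(root, '.git', 'config'), 'w').close()
    os.symlink(os.path.join(base, 'outside'), os.path.join(root, 'link'))
    return root
```

In the view itself, catching `BadPath` and raising `django.http.Http404` would give the client a 404 instead of the 500 that a bare `Exception` produces.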

