Issue 8555032: Fix directory traversal issue in extension doc server.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 8555032: Fix directory traversal issue in extension doc server. (Closed)

Created:
9 years, 1 month ago by Aaron Boodman

Modified:
9 years, 1 month ago

Reviewers:
Mihai Parparita -not on Chrome

CC:
chromium-reviews, Aaron Boodman, Erik does not do reviews, mihaip+watch_chromium.org

Base URL:
svn://svn.chromium.org/chrome/trunk/src

Visibility:
Public.

More Reviews

Description

Fix directory traversal issue in extension doc server. BUG=104272

Patch Set 1 #

Total comments: 2

Created: 9 years, 1 month ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+22 lines, -20 lines)			Patch
M	chrome/common/extensions/docs/server/app.yaml	View	1 chunk	+8 lines, -8 lines	0 comments	Download
M	chrome/common/extensions/docs/server/chromeextensionsdocs.py	View	1 chunk	+3 lines, -1 line	2 comments	Download
M	chrome/common/extensions/docs/server/index.yaml	View	1 chunk	+11 lines, -11 lines	0 comments	Download

Messages

Total messages: 3 (0 generated)

Expand Messages | Collapse Messages

Mihai Parparita -not on Chrome

LGTM http://codereview.chromium.org/8555032/diff/1/chrome/common/extensions/docs/server/chromeextensionsdocs.py File chrome/common/extensions/docs/server/chromeextensionsdocs.py (right): http://codereview.chromium.org/8555032/diff/1/chrome/common/extensions/docs/server/chromeextensionsdocs.py#newcode75 chrome/common/extensions/docs/server/chromeextensionsdocs.py:75: # TODO(aa): Do we need to pass the ...

9 years, 1 month ago (2011-11-15 14:44:49 UTC) #2

Aaron Boodman

9 years, 1 month ago (2011-11-15 19:06:57 UTC) #3

http://codereview.chromium.org/8555032/diff/1/chrome/common/extensions/docs/s...
File chrome/common/extensions/docs/server/chromeextensionsdocs.py (right):

http://codereview.chromium.org/8555032/diff/1/chrome/common/extensions/docs/s...
chrome/common/extensions/docs/server/chromeextensionsdocs.py:75: # TODO(aa): Do
we need to pass the querystring through here? We used to,
On 2011/11/15 14:44:49, Mihai Parparita wrote:
> You could also switch this to url + '?' + self.request.query_string (which I
> assume is closer to the intent of the original code).

Aha! In that case, I'm comfortable just removing this completely since it wasn't
working before anyway. Thanks :)

Expand Messages | Collapse Messages