diff --git a/app.py b/app.py index e64551c0..b3aa1a5b 100644 --- a/app.py +++ b/app.py @@ -1,7 +1,5 @@ # -*- coding: utf-8 -*- -""" -This is a simple cheatsheet webapp. -""" +"""This is a simple cheatsheet webapp.""" import os from flask import Flask, abort, send_from_directory, render_template @@ -77,12 +75,12 @@ def page_not_found(e): def static_proxy(path): """Find static files safely.""" try: - safe_path = safe_join(ROOT, path) - return send_from_directory(ROOT, safe_path) - except (FileNotFoundError, IsADirectoryError): + return send_from_directory(ROOT, path) + except NotFound: # Handle file not found or directory errors return render_template("404.html"), 404 + @app.route("/") def index_redirection(): """Redirecting index file.""" @@ -101,4 +99,4 @@ def acme(token): if __name__ == "__main__": # Only run the app in debug mode during development - app.run(debug=os.environ.get("FLASK_ENV") == "development") \ No newline at end of file + app.run(debug=os.environ.get("FLASK_ENV") == "development") diff --git a/app_test.py b/app_test.py index b28245d3..0b25b3db 100644 --- a/app_test.py +++ b/app_test.py @@ -138,6 +138,10 @@ def test_static_proxy(self): self.assertEqual(resp.status_code, 200) resp.close() + u = "notes/../conf.py" + _, code = static_proxy(u) + self.assertEqual(code, 404) + def test_page_not_found(self): """Test page not found.""" html, status_code = page_not_found(None)