utils.IsBelowDir is actually tested and, unlike the old code here,
doesn't allow writes to “…/queue*”.
---
lib/backend.py | 7 ++-----
1 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/lib/backend.py b/lib/backend.py
index 3f2dc74..2bcc631 100644
--- a/lib/backend.py
+++ b/lib/backend.py
@@ -2811,12 +2811,9 @@ def _EnsureJobQueueFile(file_name):
@raises RPCFail: if the file is not valid
"""
- queue_dir = os.path.normpath(pathutils.QUEUE_DIR)
- result = (os.path.commonprefix([queue_dir, file_name]) == queue_dir)
-
- if not result:
+ if not utils.IsBelowDir(pathutils.QUEUE_DIR, file_name):
_Fail("Passed job queue file '%s' does not belong to"
- " the queue directory '%s'", file_name, queue_dir)
+ " the queue directory '%s'", file_name, pathutils.QUEUE_DIR)
def JobQueueUpdate(file_name, content):
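Review bot: The guard `if not utils.IsBelowDir(pathutils.QUEUE_DIR, file_name):` now rests entirely on how the helper treats `file_name`, which this call site passes through without normalizing and which, judging by the `@raises RPCFail` docstring, presumably originates from an RPC caller. The helper is not visible in this hunk, so confirm that it collapses `..` components before comparing and that a relative `file_name` ends in `_Fail` rather than in a different exception escaping the documented contract; if the helper raises (for example `ValueError`) on such input, an `except ValueError:` around the call that routes to `_Fail(...)` would keep the failure mode uniform. The comparison is presumably lexical, so a comment such as `# lexical check only; symlinks below QUEUE_DIR are not resolved` would record the limit of what this check guarantees. The body of `_EnsureJobQueueFile` starts above the hunk, so any earlier handling of `file_name` is not visible here.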
--
1.7.7.3