I found where this is occurring (out of the box run, no mods):
C:\Users\u30591\web2py_2.23.0\web2py\applications\admin\controllers\default.py:
def safe_open(a, b):
if (DEMO_MODE or is_gae) and ('w' in b or 'a' in b):
class tmp:
def write(self, data):
pass
def close(self):
pass
return tmp()
a_for_check = os.path.abspath(os.path.normpath(a))
web2py_apps_root = os.path.abspath(up(request.folder))
* if not a_for_check.startswith(web2py_apps_root):*
* raise HTTP(403) *
Because:
*web2py_apps_root* =
'C:\\Users\\myuser\\web2py_2.23.0\\web2py\\applications'
*a_for_check *=
'C:\\Users\\myuser\\web2py_2.23.0\\web2py\\deposit\\web2py.app.403_test.w2p'
On Thursday, January 5, 2023 at 9:54:07 AM UTC+1 Davidiam wrote:
> Good Morning,
>
> We are using IIS 10 with web2py 2.23.0.
>
> When I try to pack the welcome application (or any other), using pack_all
> I get a 403 error.
> When I try to pack the welcome application (or any other), using
> pack_custom, it first displays the file selector and when I click on
> download as .w2p I get a 403 error.
>
> This seems to be related to the open_redirect changes. I tried putting
> the 403 error related code from the admin\default.py controller in comment,
> but it still is giving the error.
>
> Kind Regards,
> David
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/9234f487-62f0-4308-a2b1-b55a2774d729n%40googlegroups.com.
