Merge pull request #17 from mariobuikhuizen/fix_symlink_content

fix: 404 error on retrieving snippet content in symlinked dir
QuantStack · Apr 7, 2020 · 007cf56 · 007cf56
2 parents 03bbaea + 2cfb179
commit 007cf56
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/jupyterlab-snippets/_version.py b/jupyterlab-snippets/_version.py
@@ -1,2 +1,2 @@
-version_info = (0, 3, 1)
+version_info = (0, 3, 2)
 __version__ = ".".join(map(str, version_info))
diff --git a/jupyterlab-snippets/loader.py b/jupyterlab-snippets/loader.py
@@ -30,12 +30,15 @@ def get_snippet_content(self, snippet):
                 path = os.path.join(root_path, *snippet)
 
                 # Prevent access to the entire file system when the path contains '..'
-                accessible = os.path.realpath(path).startswith(root_path)
+                accessible = os.path.abspath(path).startswith(root_path)
+                if not accessible:
+                    print(f'jupyterlab-snippets: {path} not accessible from {root_path}')
 
                 if accessible and os.path.isfile(path):
                     with open(path) as f:
                         return f.read()
         except:
             raise tornado.web.HTTPError(status_code=500)
 
+        print(f'jupyterlab-snippets: {snippet} not found in {self.snippet_paths}')
         raise tornado.web.HTTPError(status_code=404)
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "jupyterlab-snippets",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "Snippets Extension for JupyterLab",
   "keywords": [
     "jupyter",