Ignore incorrect base 64 padding.

klokantech · Feb 13, 2018 · 1000019 · 1000019
1 parent 0d1c629
commit 1000019
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/app/jekylledit/controllers/site.py b/app/jekylledit/controllers/site.py
@@ -138,7 +138,7 @@ def site_file(site_id, file_id):
 
     # Update post
     elif request.method == 'PUT':
-        filename = b64decode(file_id).decode()
+        filename = decode_filename(file_id)
         if not repository.is_path_in(filename):
             abort(403)
         filemask = filename.rsplit('-', 1)[0] + '-{}.' \
@@ -164,7 +164,7 @@ def site_file(site_id, file_id):
     elif request.method == 'DELETE':
         if not Permission(('administrator', site_id)):
             abort(403)
-        filename = b64decode(file_id).decode()
+        filename = decode_filename(file_id)
         if not repository.is_path_in(filename):
             abort(403)
         filemask = filename.rsplit('-', 1)[0] + '-{}.' \
@@ -180,7 +180,7 @@ def site_file(site_id, file_id):
 
     # Return post
     else:
-        filename = b64decode(file_id).decode()
+        filename = decode_filename(file_id)
         if not repository.is_path_in(filename):
             abort(403)
         filemask = filename.rsplit('-', 1)[0] + '-{}.' \
@@ -199,6 +199,10 @@ def site_file(site_id, file_id):
         })
 
 
+def decode_filename(file_id):
+    return b64decode(file_id + '===').decode()
+
+
 # Response related drafts
 @app.route('/site/<site_id>/drafts', methods=['GET'])
 @cross_origin()

diff --git a/app/jekylledit/model/site.py b/app/jekylledit/model/site.py
@@ -150,13 +150,13 @@ def remove_post(self, filename):
     def save_media(self, media):
         config = self.get_config()
         created = []
-        for key, medio in media.items():
-            if not '/' in key:
+        for key, medium in media.items():
+            if '/' not in key:
                 filename = self.repository.path(config['media'] + '/' + key)
             else:
                 filename = self.repository.path(key)
             with open(filename, 'wb+') as fm:
-                fm.write(b64decode(medio['data']))
+                fm.write(b64decode(medium['data']))
                 created.append(filename)
         return created