use send_from_directory for file serving in development server

NVIDIA · Aug 7, 2015 · 63a8456 · 63a8456
1 parent 9bf3258
commit 63a8456
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 18 deletions.
diff --git a/digits/views.py b/digits/views.py
@@ -233,21 +233,7 @@ def serve_file(path):
  and this path will never be used
  """
  jobs_dir = config_value('jobs_dir')
- path = os.path.normpath(os.path.join(jobs_dir, path))
-
- # Don't allow path manipulation
- if not os.path.commonprefix([path, jobs_dir]).startswith(jobs_dir):
- raise werkzeug.exceptions.Forbidden('Path manipulation not allowed')
-
- if not os.path.exists(path):
- raise werkzeug.exceptions.NotFound('File not found')
- if os.path.isdir(path):
- raise werkzeug.exceptions.Forbidden('Folder cannot be served')
-
- with open(path, 'r') as infile:
- response = flask.make_response(infile.read())
- response.headers["Content-Disposition"] = "attachment; filename=%s" % os.path.basename(path)
- return response
+ return flask.send_from_directory(jobs_dir, path)
 
 ### Path Completion
 

diff --git a/docs/API.md b/docs/API.md
@@ -1,6 +1,6 @@
 # REST API
 
-*Generated Aug 06, 2015*
+*Generated Aug 07, 2015*
 
 DIGITS exposes its internal functionality through a REST API. You can access these endpoints by performing a GET or POST on the route, and a JSON object will be returned.
 

diff --git a/docs/FlaskRoutes.md b/docs/FlaskRoutes.md
@@ -1,6 +1,6 @@
 # Flask Routes
 
-*Generated Aug 06, 2015*
+*Generated Aug 07, 2015*
 
 Documentation on the various routes used internally for the web application.
 
@@ -406,7 +406,7 @@ Location: [`digits/model/views.py@92`](../digits/model/views.py#L92)
 
 Methods: **GET**
 
-Location: [`digits/views.py@255`](../digits/views.py#L255)
+Location: [`digits/views.py@241`](../digits/views.py#L241)
 
 ### `/files/<path:path>`