-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit image referencing possibilities in imported TSVs #806
Comments
I'm putting the issue in 'to clarify' as I'm unsure on how much strictness we should move to. |
It should be possible to place images in subdirectories for any kind of instrument but those subdirectories should always be relative to the .tsv file and below it. So this is valid
But this not valid
The rationale for authorising images in sub-directories is that, for large datasets, one usually likes to have all tsv files at the root and images in subdirectories to be able to quickly access all .tsv without fishing for them inside folders of thousands of images. Also, having images sorted in per taxon folders is quite common for archived datasets and allowing to create a .tsv file to reference them and import them is convenient. We don't want to authorise images outside of the root folder because some checks become impossible (#286) and this opens the way to importing unwanted things. It also makes things messy when unzipping zip archives. |
As of today and since a few years, probably due to the addition of UVP6 file format, column img_file_name can contain nearly any valid path and allow to escape 'current ' directory:
https://github.com/ecotaxa/ecotaxa/blob/c84dfdffaa84aa759b0f6de9c14047aa5fca0452/appli/tasks/taskimport.py#L224
Demo of the behavior of "/" operator used above:
The behavior has been ported identically to the new back-end development, but with a bit more comments:
https://github.com/ecotaxa/ecotaxa_back/blob/073997062f01cb5650558e9d4f6f1e7a32e313c1/py/BO/TSVFile.py#L232
It is (now) obvious that the original code was a mistake in that:
The text was updated successfully, but these errors were encountered: