change default OUTPUT_PERMISSIONS to disallow execution except on dirs
This commit is contained in:
parent
1112526543
commit
8230f88d80
2 changed files with 8 additions and 2 deletions
|
@ -74,7 +74,7 @@ CONFIG_SCHEMA: Dict[str, ConfigDefaultDict] = {
|
|||
'ONLY_NEW': {'type': bool, 'default': True},
|
||||
'TIMEOUT': {'type': int, 'default': 60},
|
||||
'MEDIA_TIMEOUT': {'type': int, 'default': 3600},
|
||||
'OUTPUT_PERMISSIONS': {'type': str, 'default': '755'},
|
||||
'OUTPUT_PERMISSIONS': {'type': str, 'default': '644'},
|
||||
'RESTRICT_FILE_NAMES': {'type': str, 'default': 'windows'},
|
||||
'URL_BLACKLIST': {'type': str, 'default': r'\.(css|js|otf|ttf|woff|woff2|gstatic\.com|googleapis\.com/css)(\?.*)?$'}, # to avoid downloading code assets as their own pages
|
||||
'ENFORCE_ATOMIC_WRITES': {'type': bool, 'default': True},
|
||||
|
|
|
@ -117,10 +117,16 @@ def chmod_file(path: str, cwd: str='.', permissions: str=OUTPUT_PERMISSIONS) ->
|
|||
raise Exception('Failed to chmod: {} does not exist (did the previous step fail?)'.format(path))
|
||||
|
||||
if not root.is_dir():
|
||||
# path is just a plain file
|
||||
os.chmod(root, int(OUTPUT_PERMISSIONS, base=8))
|
||||
else:
|
||||
for subpath in Path(path).glob('**/*'):
|
||||
os.chmod(subpath, int(OUTPUT_PERMISSIONS, base=8))
|
||||
if subpath.is_dir():
|
||||
# directories need execute permissions to be able to list contents
|
||||
perms_with_x_allowed = OUTPUT_PERMISSIONS.replace('4', '5').replace('6', '7')
|
||||
os.chmod(subpath, int(perms_with_x_allowed, base=8))
|
||||
else:
|
||||
os.chmod(subpath, int(OUTPUT_PERMISSIONS, base=8))
|
||||
|
||||
|
||||
@enforce_types
|
||||
|
|
Loading…
Reference in a new issue