Improved support for upload_docs. If a docs_directory parameter is passe... #48

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
4 participants

...d in, docs will be unzipped into that directory under their package name (version skipped)

Added in support for a docs_directory parameter when starting server. Any documentation uploaded will be saved in this folder which can be served by a webserver.

@pete-theobald-Agenda21 pete-theobald-Agenda21 Improved support for upload_docs. If a docs_directory parameter is pa…
…ssed in, docs will be unzipped into that directory under their package name (version skipped)
2eb8e6f
Contributor

schmir commented Feb 26, 2014

I do think the proposed code would allow an attacker to make pypiserver call shutil.rmtree on any directory, since it calls os.path.join(..., name) on the name as extracted from the form. an attacker may just pass in an absolute path...

that's just proof of the arguments I gave in #47

sorry, but I'm not going to merge that.

schmir closed this Feb 26, 2014

Hi Ralf, Thats a massive clanger on my part, i'm using my fork internally at the moment but i've fixed it in my fork. I'll give it a test tomorrow to iron out any bugs but the code looks much much cleaner. If you want a pull request let me know and i'll do that once i've checked it.

kmwenja commented Sep 15, 2014

@pete-theobald @schmir Hey guys, what happened to this feature? I'm trying to get my private registry to display package descriptions when I came across this which would be preferable.

Contributor

schmir commented Sep 15, 2014

I think you should take a look at devpi.

kmwenja commented Sep 15, 2014

Ok, though I preferred the simplicity of pypiserver. So does this mean the feature list is closed on pypiserver (ie the simplicity part) or are you winding down support for pypiserver?

Contributor

schmir commented Sep 15, 2014

I've previously rejected that feature: schmir#47 (comment)

But you're right. pypiserver probably should get a new maintainer. I'm not using python anymore.

kmwenja commented Sep 15, 2014

Oh, thanks for that reference. So any plans for getting a new maintainer?

Contributor

schmir commented Sep 15, 2014

Does that mean you volunteer? Otherwise I'm probably going to add a section to the readme...

kmwenja commented Sep 15, 2014

Haha, no, too busy for it, but thanks for the offer. Go ahead with the
readme section.

On Mon, Sep 15, 2014 at 4:38 PM, Ralf Schmitt notifications@github.com
wrote:

Does that mean you volunteer? Otherwise I'm probably going to add a
section to the readme...


Reply to this email directly or view it on GitHub
schmir#48 (comment).

@kmwenja kmwenja pushed a commit to savannahinformatics/pypiserver that referenced this pull request Sep 28, 2014

@caninemwenja caninemwenja Upload documentation via setup.py upload_docs
* most of the code drawn from @pete-theobald's forked pypiserver
  repo (pypiserver#48)
* added the documentaion root configuration to the pypiserver
  script
* enabled overwrite of documentation when reuploaded
  (TODO: make this configurable)
71420dd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment