MIDNIGHT/frappe-lms
2
0
Fork 0
mirror of https://github.com/frappe/lms.git synced 2026-04-19 22:52:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

test: corrected zip path

Browse Source
This commit is contained in:
Jannat Patel
2026-04-02 19:24:07 +05:30
parent 55f01dc313
commit 6ebaf0e28b
3 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cypress/e2e/course_creation.cy.js
View File

@@ -176,7 +176,10 @@ describe("Course Creation", () => {
cy.get("div").contains("Test Course").click();
cy.get("button").contains("Settings").click();
cy.get("header").within(() => {
cy.get("svg.lucide.lucide-trash2-icon").click();
cy.get("svg.lucide.lucide-ellipsis-icon").click();
});
cy.get("div[role=menu]").within(() => {
cy.get("span").contains("Delete").click();
});
cy.get("span").contains("Delete").click();
cy.wait(500);

10
lms/lms/course_import_export.py
View File

@@ -11,6 +11,7 @@ from urllib.parse import urlparse
import frappe
from frappe import _
from frappe.utils import escape_html, validate_email_address
from frappe.utils.file_manager import is_safe_path
def export_course_zip(course_name):
@@ -151,6 +152,8 @@ def read_asset_content(url):
try:
file_doc = frappe.get_doc("File", {"file_url": url})
file_path = file_doc.get_full_path()
if not is_safe_path(file_path):
return None
with open(file_path, "rb") as f:
return f.read()
except Exception:
@@ -657,8 +660,7 @@ def create_asset_doc(asset_name, content):
def process_asset_file(zip_file, file):
if is_unsafe_path(file):
frappe.log_error(f"Unsafe asset path: {file}")
if not is_safe_path(file):
return
with zip_file.open(file) as f:
create_asset_doc(file.split("/")[-1], f.read())
@@ -719,7 +721,3 @@ def sanitize_filename(filename):
def validate_zip_file(zip_file_path):
if not os.path.exists(zip_file_path) or not zipfile.is_zipfile(zip_file_path):
frappe.throw(_("Invalid ZIP file"))
def is_unsafe_path(path):
return ".." in path or path.startswith("/") or path.startswith("\\") or re.search(r'[<>:"|?*]', path)

2
lms/lms/test_api.py
View File

@@ -146,7 +146,7 @@ class TestLMSAPI(BaseTestUtils):
def get_imported_course(self):
latest_file = self.get_latest_zip_file()
self.assertTrue(latest_file)
zip_file_path = f"/{latest_file.lstrip(frappe.get_site_path())}"
zip_file_path = f"/{"/".join(latest_file.split("/")[2:])}"
imported_course_name = import_course_from_zip(zip_file_path)
imported_course = frappe.get_doc("LMS Course", imported_course_name)
return imported_course