[Qgis-developer] Release problem

Victor Olaya volayaf at gmail.com
Wed Jun 27 00:39:22 PDT 2012 

Done! Thanks for your help

With the suggestion from Giuseppe, I was able to locate the
problematic files (SAGA help files that included "...." in its name)
and fix the problem.

Version 1.0.7 is already available for download

Hopefully people will use it, find more bugs and have more ideas, and
soon we will have a new version and we will get closer to a final one
that can be directly integrated in the QGIS core

Regards

Victor


2012/6/26 Alex Mandel <tech_dev at wildintellect.com>:
> On 06/26/2012 02:08 PM, Giuseppe Sucameli wrote:
>> Hi Victor,
>>
>> On Tue, Jun 26, 2012 at 4:47 PM, Victor Olaya <volayaf at gmail.com> wrote:
>>> I am sorry to insist a bit, but I am having problems releasing a new
>>> version of SEXTANTE, due to a problem with the security of the release
>>> system, which does not allow path information in zip files.
>>
>> looking at the qgis-django webapp code seems that your zip file
>> has something wrong.
>>
>> Here's the code of the webapp that accomplish that check:
>>
>>     for zname in zip.namelist():
>>         if zname.find('..') != -1 or zname.find(os.path.sep) == 0 :
>>             raise ValidationError( _("For security reasons, zip file
>> cannot contain path informations") )
>>
>> It seems that filenames within your zip contains also path
>> informations. I'm not sure I understood well what path information
>> is, but I suppose is something that defines where to put each file
>> when it's extracted.
>> So if you extract only one file (e.g. sextante/images/config.png)
>> the zip application want to put it within the sextante/images folder.
>> This could be a problem if you put files with path information
>> like "/usr" or just "/" of "../../../something".
>>
>> Which command do you use to zip the plugin folder?
>> This is the command I run to zip my plugins:
>>
>> zip -r PLUGIN_NAME.zip PLUGIN_FOLDER -x \*.svn* -x \*.pyc -x \*~ -x
>> \*entries\* -x \*.git\*
>>
>> Hope this helps.
>> Regards.
>>
>
> Right what it's trying to prevent is full paths so that a zip doesn't
> nefariously put stuff at / on a nix style system or C:/ on windows
> system. Relative directory structure should not be effected by this. So
> as Giuseppe points out it's a matter of finding the right zip options.
>
> Enjoy,
> Alex
>
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer

More information about the Qgis-developer mailing list