Feature: Ability to link files opening in new page #989
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| resolved = _resolve_unique_file(dojo, search_roots, filename) | ||
| if not resolved: | ||
| abort(404) | ||
|
|
||
| return _serve_dojo_file(dojo, Path(resolved), module=module, challenge=challenge, challenge_id=challenge_id) |
There was a problem hiding this comment.
The new file handler resolves any filename ending in a dot and serves it directly via _serve_dojo_file without verifying the module/challenge visibility or restricting extensions. Any user who can load the dojo can now request URLs such as /dojo_id/hidden-module/solution.py and download arbitrary files from the dojo repository, including hidden challenge assets and solution scripts, simply by guessing their names. This bypasses the existing visibility gates and exposes the entire repo contents.
Useful? React with 👍 / 👎.
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
|
I think the |
2 participants
Dojo Asset Links Support
Dojo owners can now embed links inside dojo, module, and challenge descriptions that point to files stored in their dojo repository. Visiting a URL of the form
/dojo_id/<asset-path>renders the referenced artifact directly in the platform:/{dojo_id}/{filename}resolves dojo-level files./{dojo_id}/{module_id}/{filename}resolves module-level files./{dojo_id}/{module_id}/{challenge_id}/{filename}resolves challenge-level files.Markdown renders as HTML, PDFs stream in the browser, and LaTeX (or other plain text assets) display in a dedicated template. Requests are constrained to the owning dojo repo and reject ambiguous matches, preventing traversal outside the allowed tree.
Motivation
For the core material to be added for cryptography dojo, having long pdfs have their own dedicated page is a necessity. Previously, descriptions could only link to external hosting or expose bare markdown. This feature keeps assets in the dojo repository, preserving version control, discoverability, and offline deployability while giving students a single, predictable URL structure for supplementary content.
Implementation Details
dojo_plugin/pages/dojo.pynow inspects deep paths and dispatches file requests after validating path segments. Files resolve relative to the dojo tree only when the match is unique. Safe extensions are rendered appropriately; everything else streams viasend_file.dojo_theme/templates/text_file.htmlrenders textual assets with dojo/module context headers.Files Changed
dojo_plugin/pages/dojo.py: Added file-resolution helpers, sanitized segment checking, and expandedview_dojo_pathrouting.dojo_theme/templates/text_file.html: New template for text-based assets.UNDER CONSTRUCTION