Rev2034, Fix leaking users.json via webui

src/Config.py

@@ -10,7 +10,7 @@ class Config(object):
 
     def __init__(self, argv):
         self.version = "0.5.3"
-        self.rev = 2033
+        self.rev = 2034
         self.argv = argv
         self.action = None
         self.config_file = "zeronet.conf"

src/Test/TestWeb.py

@@ -38,10 +38,11 @@ class TestWeb:
         assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../sites.json" % site_url)
         assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/..//sites.json" % site_url)
         assert "Forbidden" in wget("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/../../zeronet.py" % site_url)
-        
-        assert "Not Found" in wget("%s/content.db" % site_url)
-        assert "Not Found" in wget("%s/./key-rsa.pem" % site_url)
-        assert "Not Found" in wget("%s/././././././././././//////sites.json" % site_url)
+
+        assert "Forbidden" in wget("%s/content.db" % site_url)
+        assert "Forbidden" in wget("%s/./users.json" % site_url)
+        assert "Forbidden" in wget("%s/./key-rsa.pem" % site_url)
+        assert "Forbidden" in wget("%s/././././././././././//////sites.json" % site_url)
 
     def testLinkSecurity(self, browser, site_url):
         browser.get("%s/1EU1tbG9oC1A8jz2ouVwGZyQ5asrNsE4Vr/test/security.html" % site_url)

src/Ui/UiRequest.py

@@ -374,6 +374,8 @@ class UiRequest(object):
                 if site.settings["own"]:
                     from Debug import DebugMedia
                     DebugMedia.merge(file_path)
+            if not address or address == ".":
+                return self.error403(path_parts["inner_path"])
             if os.path.isfile(file_path):  # File exists
                 return self.actionFile(file_path, header_length=header_length)
             elif os.path.isdir(file_path):  # If this is actually a folder, add "/" and redirect