security update

TP1/rest/rest-server.py

-from flask import Flask, request, jsonify
 import argparse
+import re
+from flask import Flask, request, jsonify
 from os.path import expanduser, join, isdir, abspath
 from os import listdir
 
@@ -10,6 +11,7 @@ main_directory = None
 @app.route('/list/<path:relative_directory>')
 def list(relative_directory):
     global main_directory
+    relative_directory = re.sub('\.+', '.', relative_directory)
     target_directory = join(main_directory, relative_directory) if relative_directory != '.' else main_directory
     dirs = listdir(target_directory)
     s = [d for d in dirs if isdir(d)]
@@ -19,17 +21,17 @@ def list(relative_directory):
 @app.route('/get/<path:relative_path>')
 def get(relative_path):
     global main_directory
+    relative_path = re.sub('\.+', '.', relative_path)
     with open(join(main_directory,relative_path), 'r') as f:
         data = f.read()
     return jsonify(dir=main_directory, file=relative_path, data=data)
 
 @app.route('/put', methods=['POST'])
 def put():
-    from pprint import pprint
-    
+    global main_directory
     relative_path = request.json['destination']
+    relative_path = re.sub('\.+', '.', relative_path)
     data          = request.json['data']
-    global main_directory
     new_file = join(main_directory, relative_path)
     try:
         with open(new_file, 'w+') as f: