solara-ui 1.35.0__py2.py3-none-any.whl → 1.35.1__py2.py3-none-any.whl

solara/__init__.py

@@ -1,6 +1,6 @@
 """Build webapps using IPywidgets"""
 
-__version__ = "1.35.0"
+__version__ = "1.35.1"
 github_url = "https://github.com/widgetti/solara"
 git_branch = "master"
 

solara/__main__.py

@@ -653,7 +653,7 @@ def markdown(target: typing.Optional[Path] = None):
 
 
 def write_script(name: str, target: typing.Optional[Path]):
-    code = (HERE / "template" / f"{name}.py").read_text()
+    code = (HERE / "template" / f"{name}.py").read_text(encoding="utf-8")
     if target is None:
         target = Path("sol.py")
     else:

solara/autorouting.py

@@ -215,11 +215,9 @@ def RenderPage(main_name: str = "Page"):
                         solara.Button(
                             icon_name="mdi-pencil", icon=True, href=url, target="_blank", style={"position": "absolute", "top": "0px", "right": "0px"}
                         )
-                    # solara.Markdown(path.read_text(), unsafe_solara_execute=True)
-                    component(path.read_text(), unsafe_solara_execute=True)
+                    component(path.read_text(encoding="utf-8"), unsafe_solara_execute=True)
             else:
-                # content = solara.Markdown(path.read_text(), unsafe_solara_execute=True)
-                content = component(path.read_text(), unsafe_solara_execute=True)
+                content = component(path.read_text(encoding="utf-8"), unsafe_solara_execute=True)
 
             main = solara.Div(
                 classes=["solara-autorouter-content"],

solara/components/style.py

@@ -52,7 +52,7 @@ def Style(value: Union[str, Path] = ""):
                 try:
                     async for _ in watchfiles.awatch(value):
                         print(value, "changed, reloading css")  # noqa
-                        set_css_content_reloaded(cast(Path, value).read_text())
+                        set_css_content_reloaded(cast(Path, value).read_text(encoding="utf-8"))
                 except RuntimeError:
                     pass  # swallow the RuntimeError: Already borrowed errors from watchfiles
                 except Exception:
@@ -70,7 +70,7 @@ def Style(value: Union[str, Path] = ""):
     if css_content_reloaded is not None:
         css_content = css_content_reloaded
     else:
-        css_content = value.read_text() if isinstance(value, Path) else value
+        css_content = value.read_text(encoding="utf-8") if isinstance(value, Path) else value
     # del value
     hash = hashlib.sha256(css_content.encode("utf-8")).hexdigest()
     # the key is unique for this component + value

solara/server/app.py

@@ -229,7 +229,7 @@ class AppScript:
         path = Path(name)
         if path.suffix == ".vue":
             logger.info("Vue file changed: %s", name)
-            template_content = path.read_text()
+            template_content = path.read_text(encoding="utf-8")
             for context in list(kernel_context.contexts.values()):
                 with context:
                     for filepath, widget in context.templates.items():

solara/server/cdn_helper.py

@@ -1,9 +1,9 @@
 import logging
-import os
 import pathlib
 import shutil
 
 import requests
+from solara.server.utils import path_is_child_of
 
 import solara.settings
 
@@ -14,6 +14,9 @@ cdn_url_path = "_solara/cdn"
 
 def put_in_cache(base_cache_dir: pathlib.Path, path, data: bytes):
     cache_path = base_cache_dir / path
+    if not path_is_child_of(cache_path, base_cache_dir):
+        raise PermissionError("Trying to write outside of cache directory")
+
     pathlib.Path(cache_path.parent).mkdir(parents=True, exist_ok=True)
     try:
         logger.info("Writing cache file: %s", cache_path)
@@ -27,9 +30,7 @@ def get_from_cache(base_cache_dir: pathlib.Path, path):
     # Make sure cache_path is a subdirectory of base_cache_dir
     # so we don't accidentally read files from the parent directory
     # which is a security risk.
-    # We use os.path.normpath() because we do not want to follow symlinks
-    # in editable installs, since some packages are symlinked
-    if not os.path.normpath(cache_path).startswith(str(base_cache_dir.resolve())):
+    if not path_is_child_of(cache_path, base_cache_dir):
         logger.warning("Trying to read from outside of cache directory: %s is not a subdir of %s", cache_path, base_cache_dir)
         raise PermissionError("Trying to read from outside of cache directory")
 
@@ -68,6 +69,9 @@ def get_path(base_cache_dir: pathlib.Path, path) -> pathlib.Path:
     store_path = path if len(parts) != 1 else pathlib.Path(path) / "__main.js"
     cache_path = base_cache_dir / store_path
 
+    if not path_is_child_of(cache_path, base_cache_dir):
+        raise PermissionError("Trying to read from outside of cache directory")
+
     if cache_path.exists():
         # before d7eba856f100d5c3c64f4eec22c62390f084cb40 on windows, we could
         # accidentally write to the cache directory, so we need to check if we still

solara/server/flask.py

@@ -199,7 +199,7 @@ def nbext(dir, filename):
     for directory in server.nbextensions_directories:
         file = directory / dir / filename
         if file.exists():
-            return send_from_directory(directory / dir, filename)
+            return send_from_directory(directory, dir + os.path.sep + filename)
     return flask.Response("not found", status=404)
 
 
@@ -217,7 +217,10 @@ if solara.settings.assets.proxy:
         if not allowed():
             abort(401)
         cache_directory = settings.assets.proxy_cache_dir
-        content = cdn_helper.get_data(Path(cache_directory), path)
+        try:
+            content = cdn_helper.get_data(Path(cache_directory), path)
+        except PermissionError:
+            return flask.Response("not found", status=404)
         mime = mimetypes.guess_type(path)
         return flask.Response(content, mimetype=mime[0])
 

solara/server/starlette.py

@@ -3,6 +3,7 @@ import json
 import logging
 import math
 import os
+from pathlib import Path
 import sys
 import threading
 import typing
@@ -14,6 +15,8 @@ import starlette.websockets
 import uvicorn.server
 import websockets.legacy.http
 
+from solara.server.utils import path_is_child_of
+
 try:
     import solara_enterprise
 
@@ -405,6 +408,9 @@ class StaticNbFiles(StaticFilesOptionalAuth):
             original_path = os.path.join(directory, path)
             full_path = os.path.realpath(original_path)
             directory = os.path.realpath(directory)
+            # return early if someone tries to access a file outside of the directory
+            if not path_is_child_of(Path(original_path), Path(directory)):
+                return "", None
             try:
                 return full_path, os.stat(full_path)
             except (FileNotFoundError, NotADirectoryError):
@@ -449,7 +455,6 @@ class StaticCdn(StaticFilesOptionalAuth):
             full_path = str(get_path(settings.assets.proxy_cache_dir, path))
         except Exception:
             return "", None
-
         return full_path, os.stat(full_path)
 
 

solara/server/static/solara_bootstrap.py

@@ -119,7 +119,7 @@ async def main():
     ]
     for dep in requirements:
         await micropip.install(dep, keep_going=True)
-    await micropip.install("/wheels/solara-1.35.0-py2.py3-none-any.whl", keep_going=True)
+    await micropip.install("/wheels/solara-1.35.1-py2.py3-none-any.whl", keep_going=True)
     import solara
 
     el = solara.Warning("lala")

solara/server/utils.py

@@ -1,6 +1,7 @@
 import contextlib
 import logging
 import os
+from pathlib import Path
 import pdb
 import traceback
 
@@ -16,6 +17,12 @@ def start_error(title, msg, exception: Exception = None):
     os._exit(-1)
 
 
+def path_is_child_of(path: Path, parent: Path) -> bool:
+    # We use os.path.normpath() because we do not want to follow symlinks
+    # in editable installs, since some packages are symlinked
+    return os.path.normpath(path).startswith(os.path.normpath(parent))
+
+
 @contextlib.contextmanager
 def pdb_guard():
     from . import settings

{solara_ui-1.35.0.dist-info → solara_ui-1.35.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: solara-ui
-Version: 1.35.0
+Version: 1.35.1
 Dynamic: Summary
 Project-URL: Home, https://www.github.com/widgetti/solara
 Project-URL: Documentation, https://solara.dev

{solara_ui-1.35.0.dist-info → solara_ui-1.35.1.dist-info}/RECORD

@@ -1,9 +1,9 @@
 prefix/etc/jupyter/jupyter_notebook_config.d/solara.json,sha256=3UhTBQi6z7F7pPjmqXxfddv79c8VGR9H7zStDLp6AwY,115
 prefix/etc/jupyter/jupyter_server_config.d/solara.json,sha256=D9J-rYxAzyD5GOqWvuPjacGUVFHsYtTfZ4FUbRzRvIA,113
-solara/__init__.py,sha256=SDPK0vT6QxeWzzWF9qbyAr5f9oYiBkHmqlY1dPqwMVc,3584
-solara/__main__.py,sha256=_RSUhoxkTruY4MMlSJ9qBKWdsgNSasuYs1EBbufnNrM,23656
+solara/__init__.py,sha256=G6n9833GZNikEicJ0sIt4c5k7tAso-pCAx19zVYHHk4,3584
+solara/__main__.py,sha256=hxMYlUg-t-KTOJSVfEHwvcTV51WHX6INpN0F_qaesUg,23672
 solara/alias.py,sha256=9vfLzud77NP8in3OID9b5mmIO8NyrnFjN2_aE0lSb1k,216
-solara/autorouting.py,sha256=IXNqJBaKjniuQIHGq_LSqoWXec9qq34t2b6UEqj4YBE,22677
+solara/autorouting.py,sha256=k0f5SpySGbhutF1KKCRQTCtkBKKCsYT8C6gB_pUXK10,22535
 solara/cache.py,sha256=rZEW_xVIj3vvajntsQDnaglniTQ90izkX8vOqe1mMvE,10500
 solara/checks.html,sha256=NZoefOKYpE6NHQJchi4WE5HkDG3xpJW0kY6TOAFHQtE,3304
 solara/checks.py,sha256=WtMzUM1HN127juk5fFV2jdsJ1qT5Ghg21wEZfiVfIFc,7563
@@ -68,7 +68,7 @@ solara/components/spinner-solara.vue,sha256=fH8AtwXUZf_YZnUj-1OWspcbVWc-mSbY2T5s
 solara/components/spinner.py,sha256=EGB9qL6WnNchaEc8RnjPk79jm5TV9v_7UoEoDZKikBM,586
 solara/components/sql_code.py,sha256=XUx91w_E7q6QzOPpY1NZVuCNPh6hPP6gPJLM7cMDYs4,1190
 solara/components/sql_code.vue,sha256=ogqWdIOm1OnTQJj_p2UhcFPO_biv1uMaYCOCXPBJ6AQ,3815
-solara/components/style.py,sha256=l2UAke1Js9IMAFP31k5T2-YDjo2WMbR104ZYvMpXUEs,3112
+solara/components/style.py,sha256=8xv5xXkfiTyVP0oRRh1ONQn0oJ2k40yTomQFEgP0-3k,3144
 solara/components/switch.py,sha256=Vq6LgroaY3jx4PO2n1_08lqPL9g0MUZNsMPA4uqKr7I,2309
 solara/components/tab_navigation.py,sha256=xVlVx4GvLNNxeE53sGtRLkcQB3mzEWM_jTlXOnY3SEs,1047
 solara/components/title.py,sha256=2B-PDlWOoY1fHYRRXnP7vUmRioqEHM9WJ2qjF6zVFGQ,2120
@@ -101,11 +101,11 @@ solara/lab/utils/headers.py,sha256=RMo8JUdztRePrdNfYCX1QEhrfyF6ktodr4v6tIREKbs,2
 solara/scope/__init__.py,sha256=0sP3B6L4Aai0b6nadPtEETb8XqdGmSFKvQusNH0-yvY,2987
 solara/scope/types.py,sha256=HTf_wnkpkhhtGaeFsB690KBP623CUuqiMssd72-u9yg,1540
 solara/server/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-solara/server/app.py,sha256=6cWds871ZTD-zT5H2p3ep0cXX9AqT2VnKk3kIEbek60,20336
-solara/server/cdn_helper.py,sha256=BvqxkA3jKi1fEZ5g3FZjphx2NY6PnoxnSCG9JK6zdBE,3101
+solara/server/app.py,sha256=JWWr2UZLxJVRCahFZUBeMwSpUn9dyswzywDuvCUfWQU,20352
+solara/server/cdn_helper.py,sha256=mjdDWL1jVed40rEagP9L5CfZwFB77yUKqcFg--u2eds,3250
 solara/server/esm.py,sha256=dX9pzTJQ6kd6qNHQgzC938O5LTowLhuATXO0Q1paz44,2951
 solara/server/fastapi.py,sha256=qVIHn0_Kxr6zWqcBWySu5nnJ6pNTSDqb4EHIh-cqH_8,93
-solara/server/flask.py,sha256=7VsZ12XouYJvlObZ-ZotL4aupXWQE7OsyghJynWr0wk,9027
+solara/server/flask.py,sha256=v3TUqZMKzijnoB9fv3xipM-kPtLziyNAV6Wiw0DLh7w,9149
 solara/server/jupytertools.py,sha256=cYFIUjLX7n0uuEXqWVWvmV6sV7R_MNg8ZZlabQgw8vk,1320
 solara/server/kernel.py,sha256=3mwRRBw6BOcKLACL4fCUGgtI_RZ5KTSM1MlAtRlDbmA,11092
 solara/server/kernel_context.py,sha256=RrNVAkoev6u6LZBvDfG86zyVs7eDVUsrp_4Au_FLlgY,16718
@@ -114,10 +114,10 @@ solara/server/reload.py,sha256=BBH7QhrV1-e9RVyNE3uz1oPj1DagC3t_XSqGPNz0nJE,9747
 solara/server/server.py,sha256=fo-3o7L20kC6tb4_mLzoVI39dodRRuNIVuCCYBOF94k,16268
 solara/server/settings.py,sha256=8QpVW_hYe4QvSVvDMeobpUEFa_jjCAGrSKgCGzjZ3As,7340
 solara/server/shell.py,sha256=xKox0fvDxdcWleE8p2ffCkihvjLJsWn2FujMbgUjYn0,8677
-solara/server/starlette.py,sha256=8cVrYxkt2hm7RaO9E12wHAqabK_viLPSbgUUXA19fRA,23599
+solara/server/starlette.py,sha256=zOyE5cdsE-JVvXuoKWv2nnkWHeUBVV3b6i9-3sK0utI,23866
 solara/server/telemetry.py,sha256=GPKGA5kCIqJb76wgxQ2_U2uV_s0r-1tKqv-GVxo5hs8,6038
 solara/server/threaded.py,sha256=k9k461md4MxEFX-RLit5RpVRPFlQNwr-qp5pprT8JB0,2347
-solara/server/utils.py,sha256=I_PaObYgXz--fw-5G_K_uwxfEVSPynQud8Pn-MHDR3c,648
+solara/server/utils.py,sha256=qYoSi5adwNVdcUuGj6N7jQU9fpXYDuBpsPg7bAKOMUw,938
 solara/server/websocket.py,sha256=hUYw9TeVf4vHKL8TGG4RAZGLL7rmkt1INVq5qSYRWOo,1076
 solara/server/assets/custom.css,sha256=4p04-uxHTobfr6Xkvf1iOrYiks8NciWLT_EwHZSy6jw,15
 solara/server/assets/custom.js,sha256=YT-UUYzA5uI5-enmbIsrRhofY_IJAO-HanaMwiNUEos,16
@@ -135,7 +135,7 @@ solara/server/static/highlight-dark.css,sha256=gmC3pr3x2BqJgTswNoN6AkqfEhBk24hPF
 solara/server/static/highlight.css,sha256=k8ZdT5iwrGQ5tXTQHAXuxvZrSUq3kwCdEpy3mlFoZjs,2637
 solara/server/static/main-vuetify.js,sha256=-FLlUqclZdVhCXsqawzpxtQ9vpaDA6KQdwoDKJCr_AI,8926
 solara/server/static/main.js,sha256=mcx4JNQ4Lg4pNdUIqMoZos1mZyYFS48yd_JNFFJUqIE,5679
-solara/server/static/solara_bootstrap.py,sha256=zwGV7dvJYWueF5Kl6dGZ0ACt2xAAAgcLr4V_19iRBiU,3195
+solara/server/static/solara_bootstrap.py,sha256=ajBPF2o78wx3hGHt4gPU-qBE0Zpo9cyo86xjocUbyAs,3195
 solara/server/static/sun.svg,sha256=jEKBAGCr7b9zNYv0VUb7lMWKjnU2dX69_Ye_DZWGXJI,6855
 solara/server/static/webworker.js,sha256=cjAFz7-SygStHJnYlJUlJs-gE_7YQeQ-WBDcmKYyjvo,1372
 solara/server/templates/index.html.j2,sha256=JXQo1M-STFHLBOFetgG7509cAq8xUP0VAEtYDzz35fY,31
@@ -434,9 +434,9 @@ solara/widgets/vue/gridlayout.vue,sha256=nFZJotdznqI9tUYZ1Elv9OLA0adazxvVZAggMHH
 solara/widgets/vue/html.vue,sha256=48K5rjp0AdJDeRV6F3nOHW3J0WXPeHn55r5pGClK2fU,112
 solara/widgets/vue/navigator.vue,sha256=SLrzBI0Eiys-7maXA4e8yyD13-O5b4AnCGE9wKuJDHE,3646
 solara/widgets/vue/vegalite.vue,sha256=E3dlfhR-Ol7nqQZN6wCZC_3Tz98CJW0i_EU39mj0XHw,3986
-solara_ui-1.35.0.data/data/etc/jupyter/jupyter_notebook_config.d/solara.json,sha256=3UhTBQi6z7F7pPjmqXxfddv79c8VGR9H7zStDLp6AwY,115
-solara_ui-1.35.0.data/data/etc/jupyter/jupyter_server_config.d/solara.json,sha256=D9J-rYxAzyD5GOqWvuPjacGUVFHsYtTfZ4FUbRzRvIA,113
-solara_ui-1.35.0.dist-info/METADATA,sha256=_-WkmPpHeaki7f02ZMmtIVuNdUW29OA8_H8mxpz3xYM,7284
-solara_ui-1.35.0.dist-info/WHEEL,sha256=L5_n4Kc1NmrSdVgbp6hdnwwVwBnoYOCnbHBRMD-qNJ4,105
-solara_ui-1.35.0.dist-info/licenses/LICENSE,sha256=fFJUz-CWzZ9nEc4QZKu44jMEoDr5fEW-SiqljKpD82E,1086
-solara_ui-1.35.0.dist-info/RECORD,,
+solara_ui-1.35.1.data/data/etc/jupyter/jupyter_notebook_config.d/solara.json,sha256=3UhTBQi6z7F7pPjmqXxfddv79c8VGR9H7zStDLp6AwY,115
+solara_ui-1.35.1.data/data/etc/jupyter/jupyter_server_config.d/solara.json,sha256=D9J-rYxAzyD5GOqWvuPjacGUVFHsYtTfZ4FUbRzRvIA,113
+solara_ui-1.35.1.dist-info/METADATA,sha256=xmBLIN83y97Vi8K9zWbz4TWbMoT9tWcIAD6y8QGN9kc,7284
+solara_ui-1.35.1.dist-info/WHEEL,sha256=L5_n4Kc1NmrSdVgbp6hdnwwVwBnoYOCnbHBRMD-qNJ4,105
+solara_ui-1.35.1.dist-info/licenses/LICENSE,sha256=fFJUz-CWzZ9nEc4QZKu44jMEoDr5fEW-SiqljKpD82E,1086
+solara_ui-1.35.1.dist-info/RECORD,,