From fc42e1ddc0fa705ca69e0e987e58453828f64991 Mon Sep 17 00:00:00 2001
From: Taka <taka@vm-linux-dev>
Date: Wed, 24 Nov 2021 16:00:49 +1100
Subject: [PATCH] Fixed some issues with serving files.

---
 asl_rulebook2/webapp/asop.py      | 4 +++-
 asl_rulebook2/webapp/rule_info.py | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/asl_rulebook2/webapp/asop.py b/asl_rulebook2/webapp/asop.py
index af1f6ca..cc4c9b1 100644
--- a/asl_rulebook2/webapp/asop.py
+++ b/asl_rulebook2/webapp/asop.py
@@ -31,7 +31,9 @@ def init_asop( startup_msgs, logger ):
     dname = os.path.join( data_dir, "asop/" )
     if not os.path.isdir( dname ):
         return None, None, None, None
-    _asop_dir = dname
+    # NOTE: We need to resolve symlinks, since we use send_from_directory() to serve files, and it doesn't allow
+    # symlinks that point outside of the base directory (e.g. asop/ in the "full" fixtures data set).
+    _asop_dir = os.path.realpath( dname )
     fname = os.path.join( _asop_dir, "asop.css" )
     if os.path.isfile( fname ):
         user_css_url = url_for( "get_asop_file", path="asop.css" )
diff --git a/asl_rulebook2/webapp/rule_info.py b/asl_rulebook2/webapp/rule_info.py
index d213809..b320fe1 100644
--- a/asl_rulebook2/webapp/rule_info.py
+++ b/asl_rulebook2/webapp/rule_info.py
@@ -32,7 +32,7 @@ def init_qa( startup_msgs, logger ):
     if not data_dir:
         return None, None
     base_dir = os.path.join( data_dir, "q+a" )
-    _qa_images_dir = os.path.join( base_dir, "images" )
+    _qa_images_dir = os.path.abspath( os.path.join( base_dir, "images" ) )
 
     qa = {}
     def load_qa( fname ):