From 52b17ffcebab3c9a248b211f408caebcc7e2a9af Mon Sep 17 00:00:00 2001
From: james gardner <james.gardner@okfn.org>
Date: Mon, 14 Mar 2011 16:05:34 +0000
Subject: [PATCH] [security] change public file path code to avoid a trailing ,
 and thus adding / as a static file app in the Pylons middleware cascade

---
 ckanext/harvest/__init__.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/ckanext/harvest/__init__.py b/ckanext/harvest/__init__.py
index fefd8e5..37586ff 100644
--- a/ckanext/harvest/__init__.py
+++ b/ckanext/harvest/__init__.py
@@ -76,8 +76,12 @@ class Harvest(SingletonPlugin):
         template_dir = os.path.join(rootdir, 'templates')
         public_dir = os.path.join(rootdir, 'public')
         
-        config['extra_template_paths'] = ','.join([template_dir,
-                config.get('extra_template_paths', '')])
-        config['extra_public_paths'] = ','.join([public_dir,
-                config.get('extra_public_paths', '')])
+        if config.get('extra_template_paths'):
+            config['extra_template_paths'] += ','+template_dir
+        else:
+            config['extra_template_paths'] = template_dir
+        if config.get('extra_public_paths'):
+            config['extra_public_paths'] += ','+public_dir
+        else:
+            config['extra_public_paths'] = public_dir