From 9965f1657c3ffc470863c2d554700aa7979ffb83 Mon Sep 17 00:00:00 2001 From: Mario Buikhuizen Date: Tue, 7 Apr 2020 12:16:57 +0200 Subject: [PATCH 1/2] fix: 404 error on retrieving snippet content in symlinked dir os.path.realpath also resolves symlinks. We only want to resolve '..' to prevent escaping the snippet roots, os.path.abspath does this. This commit also adds some logging be able to better analyze other potential problems. --- jupyterlab-snippets/loader.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/jupyterlab-snippets/loader.py b/jupyterlab-snippets/loader.py index 1cd5f1f..f769ff4 100644 --- a/jupyterlab-snippets/loader.py +++ b/jupyterlab-snippets/loader.py @@ -30,7 +30,9 @@ def get_snippet_content(self, snippet): path = os.path.join(root_path, *snippet) # Prevent access to the entire file system when the path contains '..' - accessible = os.path.realpath(path).startswith(root_path) + accessible = os.path.abspath(path).startswith(root_path) + if not accessible: + print(f'jupyterlab-snippets: {path} not accessible from {root_path}') if accessible and os.path.isfile(path): with open(path) as f: @@ -38,4 +40,5 @@ def get_snippet_content(self, snippet): except: raise tornado.web.HTTPError(status_code=500) + print(f'jupyterlab-snippets: {snippet} not found in {self.snippet_paths}') raise tornado.web.HTTPError(status_code=404) From 2cfb1796ed981cb5241296eaa80535261e2fcaec Mon Sep 17 00:00:00 2001 From: Mario Buikhuizen Date: Tue, 7 Apr 2020 12:25:50 +0200 Subject: [PATCH 2/2] chore: release v0.3.2 --- jupyterlab-snippets/_version.py | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jupyterlab-snippets/_version.py b/jupyterlab-snippets/_version.py index 0f60a47..4c7a37e 100644 --- a/jupyterlab-snippets/_version.py +++ b/jupyterlab-snippets/_version.py @@ -1,2 +1,2 @@ -version_info = (0, 3, 1) +version_info = (0, 3, 2) __version__ = ".".join(map(str, version_info)) 
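Review bot: The added check `os.path.abspath(path).startswith(root_path)` is a string-prefix comparison, so a sibling directory whose name merely begins with the root's name (constructed example: root `/srv/snippets`, sibling `/srv/snippets-old`) still passes once `..` has been normalised. Compare whole path components instead, e.g. `root = os.path.abspath(root_path)` followed by `accessible = os.path.commonpath([root, os.path.abspath(path)]) == root`. Switching from `realpath` to `abspath` also means a symlink placed inside a snippet root is now opened wherever it points. If only a symlinked root needs to work, calling `os.path.realpath` on both `path` and `root_path` would keep link targets confined; otherwise the trade-off deserves a comment above the check. The code that defines `root_path` and the enclosing `try` start outside this hunk, so whether `root_path` is already absolute and normalised cannot be confirmed from here.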
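Review bot: The two added `print(...)` calls (the one before the 404 in this hunk and the one under `if not accessible:` in the first hunk) write `snippet` and `path`, which presumably derive from the request, to stdout unescaped, and the 404 message also lists every configured root in `self.snippet_paths`. Prefer the logging module so the messages carry a level and can be filtered, and format with `%r` so embedded newlines cannot forge extra log lines, e.g. `logger.warning('jupyterlab-snippets: %r not found', snippet)`. That needs a module-level `logger = logging.getLogger(__name__)`; the file's imports are not visible in this diff.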
diff --git a/package.json b/package.json
index 063ca3f..0a0b671 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "jupyterlab-snippets",
- "version": "0.3.1",
+ "version": "0.3.2",
 "description": "Snippets Extension for JupyterLab",
 "keywords": [
 "jupyter",