From d6f2dfefea19bb2975641ccf962ba68dddc25839 Mon Sep 17 00:00:00 2001
From: Paul Ivanov <pi@berkeley.edu>
Date: Mon, 3 Mar 2014 12:35:37 -0800
Subject: [PATCH 1/2] log refusal to serve hidden files dirs

---
 IPython/html/base/handlers.py                    | 1 +
 IPython/html/services/notebooks/filenbmanager.py | 2 ++
 IPython/html/tree/handlers.py                    | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/IPython/html/base/handlers.py b/IPython/html/base/handlers.py
index 0e0d45f0c..407089c56 100644
--- a/IPython/html/base/handlers.py
+++ b/IPython/html/base/handlers.py
@@ -263,6 +263,7 @@ class AuthenticatedFileHandler(IPythonHandler, web.StaticFileHandler):
         abs_path = super(AuthenticatedFileHandler, self).validate_absolute_path(root, absolute_path)
         abs_root = os.path.abspath(root)
         if is_hidden(abs_path, abs_root):
+            self.log.info("Refusing to serve hidden file, via 404 Error")
             raise web.HTTPError(404)
         return abs_path
 
diff --git a/IPython/html/services/notebooks/filenbmanager.py b/IPython/html/services/notebooks/filenbmanager.py
index 4187249ad..23bf0a3c5 100644
--- a/IPython/html/services/notebooks/filenbmanager.py
+++ b/IPython/html/services/notebooks/filenbmanager.py
@@ -180,6 +180,8 @@ class FileNotebookManager(NotebookManager):
         """List the directories for a given API style path."""
         path = path.strip('/')
         os_path = self._get_os_path('', path)
+        if is_hidden(os_path, self.notebook_dir):
+            self.log.info("Refusing to serve hidden directory, via 404 Error")
         if not os.path.isdir(os_path) or is_hidden(os_path, self.notebook_dir):
             raise web.HTTPError(404, u'directory does not exist: %r' % os_path)
         dir_names = os.listdir(os_path)
diff --git a/IPython/html/tree/handlers.py b/IPython/html/tree/handlers.py
index 7f51729a5..510190b31 100644
--- a/IPython/html/tree/handlers.py
+++ b/IPython/html/tree/handlers.py
@@ -62,6 +62,8 @@ class TreeHandler(IPythonHandler):
             self.log.debug("Redirecting %s to %s", self.request.path, url)
             self.redirect(url)
         else:
+            if nbm.is_hidden(path):
+                self.log.info("Refusing to serve hidden directory, via 404 Error")
             if not nbm.path_exists(path=path) or nbm.is_hidden(path):
                 # Directory is hidden or does not exist.
                 raise web.HTTPError(404)

From 6c8cccf9e3e180eeb15c80d78e76277cd947b916 Mon Sep 17 00:00:00 2001
From: Paul Ivanov <pi@berkeley.edu>
Date: Mon, 3 Mar 2014 16:02:07 -0800
Subject: [PATCH 2/2] fix test suite

is_hidden expects the file to actually exist, so I've rearranged the
logic such that is_hidden is called only after it's clear that the file
exists.
---
 IPython/html/services/notebooks/filenbmanager.py | 5 +++--
 IPython/html/tree/handlers.py                    | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/IPython/html/services/notebooks/filenbmanager.py b/IPython/html/services/notebooks/filenbmanager.py
index 23bf0a3c5..d7153a38f 100644
--- a/IPython/html/services/notebooks/filenbmanager.py
+++ b/IPython/html/services/notebooks/filenbmanager.py
@@ -180,9 +180,10 @@ class FileNotebookManager(NotebookManager):
         """List the directories for a given API style path."""
         path = path.strip('/')
         os_path = self._get_os_path('', path)
-        if is_hidden(os_path, self.notebook_dir):
+        if not os.path.isdir(os_path):
+            raise web.HTTPError(404, u'directory does not exist: %r' % os_path)
+        elif is_hidden(os_path, self.notebook_dir):
             self.log.info("Refusing to serve hidden directory, via 404 Error")
-        if not os.path.isdir(os_path) or is_hidden(os_path, self.notebook_dir):
             raise web.HTTPError(404, u'directory does not exist: %r' % os_path)
         dir_names = os.listdir(os_path)
         dirs = []
diff --git a/IPython/html/tree/handlers.py b/IPython/html/tree/handlers.py
index 510190b31..e5adf03db 100644
--- a/IPython/html/tree/handlers.py
+++ b/IPython/html/tree/handlers.py
@@ -62,11 +62,12 @@ class TreeHandler(IPythonHandler):
             self.log.debug("Redirecting %s to %s", self.request.path, url)
             self.redirect(url)
         else:
-            if nbm.is_hidden(path):
-                self.log.info("Refusing to serve hidden directory, via 404 Error")
-            if not nbm.path_exists(path=path) or nbm.is_hidden(path):
+            if not nbm.path_exists(path=path):
                 # Directory is hidden or does not exist.
                 raise web.HTTPError(404)
+            elif nbm.is_hidden(path):
+                self.log.info("Refusing to serve hidden directory, via 404 Error")
+                raise web.HTTPError(404)
             breadcrumbs = self.generate_breadcrumbs(path)
             page_title = self.generate_page_title(path)
             self.write(self.render_template('tree.html',