Only raise security error on ../
This commit is contained in:
parent
7bff5f562c
commit
4d25a02cd1
2 changed files with 2 additions and 2 deletions
|
@ -358,7 +358,7 @@ class SiteStorage(object):
|
|||
if not inner_path:
|
||||
return self.directory
|
||||
|
||||
if ".." in inner_path:
|
||||
if "../" in inner_path:
|
||||
raise Exception(u"File not allowed: %s" % inner_path)
|
||||
|
||||
return u"%s/%s" % (self.directory, inner_path)
|
||||
|
|
|
@ -441,7 +441,7 @@ class UiRequest(object):
|
|||
if path.endswith("/"):
|
||||
path = path + "index.html"
|
||||
|
||||
if ".." in path or "./" in path:
|
||||
if "../" in path or "./" in path:
|
||||
raise SecurityError("Invalid path")
|
||||
|
||||
match = re.match("/media/(?P<address>[A-Za-z0-9]+[A-Za-z0-9\._-]+)(?P<inner_path>/.*|$)", path)
|
||||
|
|
Loading…
Reference in a new issue