oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow some paths to contain .. but not ../

Browse source
This commit is contained in:
Ivanq 2019-07-01 18:17:42 +03:00
parent 822dec5c03
commit 743f92d15e
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Site/SiteStorage.py
View file

@ -382,7 +382,7 @@ class SiteStorage(object):
if not inner_path:
return self.directory
if ".." in inner_path:
if "../" in inner_path:
raise Exception("File not allowed: %s" % inner_path)
return "%s/%s" % (self.directory, inner_path)