oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Raise SecurityError on invalid path

Browse source
This commit is contained in:
shortcutme 2017-10-04 12:37:22 +02:00
parent 3c46f60042
commit 75b44f6980
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/Ui/UiRequest.py
View file

@ -22,6 +22,10 @@ status_texts = {
} }
class SecurityError(Exception):
pass
@PluginManager.acceptPlugins @PluginManager.acceptPlugins
class UiRequest(object): class UiRequest(object):
@ -417,8 +421,8 @@ class UiRequest(object):
if path.endswith("/"): if path.endswith("/"):
path = path + "index.html" path = path + "index.html"
if ".." in path: if ".." in path or "./" in path:
raise Exception("Invalid path") raise SecurityError("Invalid path")
match = re.match("/media/(?P<address>[A-Za-z0-9\._-]+)(?P<inner_path>/.*|$)", path) match = re.match("/media/(?P<address>[A-Za-z0-9\._-]+)(?P<inner_path>/.*|$)", path)
if match: if match: