oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enforce valid relative paths on verification

Browse source
This commit is contained in:
shortcutme 2017-07-13 14:59:17 +02:00
parent 96a097e33d
commit 7d3beeb9e0
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/Content/ContentManager.py
View file

@ -753,6 +753,10 @@ class ContentManager(object):
content_size_optional, rules["max_size_optional"]) content_size_optional, rules["max_size_optional"])
) )
for file_relative_path in content.get("files", {}).keys() + content.get("files_optional", {}).keys():
if not self.isValidRelativePath(file_relative_path):
raise VerifyError("Invalid relative path: %s" % file_relative_path)
# Filename limit # Filename limit
if rules.get("files_allowed"): if rules.get("files_allowed"):
for file_inner_path in content["files"].keys(): for file_inner_path in content["files"].keys():