oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Display standard http error instead of exception on path security error

Browse source
This commit is contained in:
shortcutme 2018-06-25 14:28:42 +02:00
parent e1fdb90da6
commit c7a8a3933e
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Ui/UiRequest.py
View file

@ -85,7 +85,7 @@ class UiRequest(object):
# Sanitize request url # Sanitize request url
path = path.replace("\\", "/") path = path.replace("\\", "/")
if "../" in path or "./" in path: if "../" in path or "./" in path:
raise SecurityError("Invalid path") return self.error403("Invalid path: %s" % path)
if self.env["REQUEST_METHOD"] == "OPTIONS": if self.env["REQUEST_METHOD"] == "OPTIONS":
if "/" not in path.strip("/"): if "/" not in path.strip("/"):