oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix data dir detection

Browse source
This commit is contained in:
HelloZeroNet 2016-04-18 00:47:26 +02:00
parent b5c3ac74c7
commit d2b9555508
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Ui/UiRequest.py
View file

@ -331,7 +331,7 @@ class UiRequest(object):
address = path_parts["address"] address = path_parts["address"]
file_path = "%s/%s/%s" % (config.data_dir, address, path_parts["inner_path"]) file_path = "%s/%s/%s" % (config.data_dir, address, path_parts["inner_path"])
allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address)) # Only files within data/sitehash allowed allowed_dir = os.path.abspath("%s/%s" % (config.data_dir, address)) # Only files within data/sitehash allowed
data_dir = os.path.abspath("data") # No files from data/ allowed data_dir = os.path.abspath(config.data_dir) # No files from data/ allowed
if ( if (
".." in file_path or ".." in file_path or
not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir) or not os.path.dirname(os.path.abspath(file_path)).startswith(allowed_dir) or