Home Explore Help
Register Sign In
RISCI_ATOM
/
ZeroNet
mirror of https://github.com/HelloZeroNet/ZeroNet.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge pull request #1453 from anoadragon453/anoa/fix_filepaths

Only raise security error on ../
ZeroNet 4 years ago
parent
7418400b52 4d25a02cd1
commit
9e7ae55068
2 changed files with 2 additions and 2 deletions
Split View Show Diff Stats
  1. 1 1
      src/Site/SiteStorage.py
  2. 1 1
      src/Ui/UiRequest.py

+ 1 - 1
src/Site/SiteStorage.py
View File 

@@ -362,7 +362,7 @@ class SiteStorage(object):
 
         if not inner_path:
 
             return self.directory
 
 
-        if ".." in inner_path:
 
+        if "../" in inner_path:
 
             raise Exception(u"File not allowed: %s" % inner_path)
 
 
         return u"%s/%s" % (self.directory, inner_path)

+ 1 - 1
src/Ui/UiRequest.py
View File 

@@ -526,7 +526,7 @@ class UiRequest(object):
 
         if path.endswith("/"):
 
             path = path + "index.html"
 
 
-        if ".." in path or "./" in path:
 
+        if "../" in path or "./" in path:
 
             raise SecurityError("Invalid path")
 
 
         match = re.match("/media/(?P<address>[A-Za-z0-9]+[A-Za-z0-9\._-]+)(?P<inner_path>/.*|$)", path)