Add function is_valid_upload_path so that crafted file paths can no longer escape the base directory. Close #2.
This commit is contained in:
parent
ed0f9113db
commit
1fe14fb125
@ -8,7 +8,7 @@ from werkzeug.utils import secure_filename
|
||||||
from werkzeug.security import generate_password_hash, check_password_hash
|
from werkzeug.security import generate_password_hash, check_password_hash
|
||||||
from werkzeug.serving import run_simple
|
from werkzeug.serving import run_simple
|
||||||
|
|
||||||
from updog.utils.path import is_valid_subpath, get_parent_directory, process_files
|
from updog.utils.path import is_valid_subpath, is_valid_upload_path, get_parent_directory, process_files
|
||||||
from updog.utils.output import error, info, warn, success
|
from updog.utils.output import error, info, warn, success
|
||||||
from updog import version as VERSION
|
from updog import version as VERSION
|
||||||
|
|
||||||
|
@ -129,7 +129,7 @@ def main():
|
||||||
|
|
||||||
path = request.form['path']
|
path = request.form['path']
|
||||||
# Prevent file upload to paths outside of base directory
|
# Prevent file upload to paths outside of base directory
|
||||||
if not is_valid_subpath(path, base_directory) or path == '':
|
if not is_valid_upload_path(path, base_directory):
|
||||||
return redirect(request.referrer)
|
return redirect(request.referrer)
|
||||||
|
|
||||||
for file in request.files.getlist('file'):
|
for file in request.files.getlist('file'):
|
||||||
|
|
|
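Review bot: The rejection branch right after the new `is_valid_upload_path` check still does `return redirect(request.referrer)`, so a request that fails the base-directory guard is bounced to a client-controlled Referer header, and to `redirect(None)` when the header is absent. Prefer a fixed target or an explicit error there, e.g. `return redirect(request.referrer or '/')` at minimum, or an `abort(400)` if that helper is imported, so a blocked traversal attempt is not turned into an open redirect. `path` comes straight from `request.form['path']` and is only validated as a directory; if the upload loop below (outside this hunk) joins it with the raw `file.filename`, keep `secure_filename` (imported in the hunk header) on every filename so the validated directory cannot be escaped a second time. `main()` begins and ends outside this hunk.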
@ -9,6 +9,13 @@ def is_valid_subpath(relative_directory, base_directory):
|
||||||
return os.path.commonprefix([base_directory, in_question]) == base_directory
|
return os.path.commonprefix([base_directory, in_question]) == base_directory
|
||||||
|
|
||||||
|
|
||||||
|
def is_valid_upload_path(path, base_directory):
|
||||||
|
if path == '':
|
||||||
|
return False
|
||||||
|
in_question = os.path.abspath(path)
|
||||||
|
return os.path.commonprefix([base_directory, in_question]) == base_directory
|
||||||
|
|
||||||
|
|
||||||
def get_relative_path(file_path, base_directory):
|
def get_relative_path(file_path, base_directory):
|
||||||
return file_path.split(os.path.commonprefix([base_directory, file_path]))[1][1:]
|
return file_path.split(os.path.commonprefix([base_directory, file_path]))[1][1:]
|
||||||
|
|
||||||
|
|
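Review bot: `is_valid_upload_path` (like the `is_valid_subpath` return line above it) compares with `os.path.commonprefix`, which is a character-wise string prefix rather than a path-component prefix, so with `base_directory == '/srv/files'` a crafted `path` of `/srv/files2/evil` passes and uploads land outside the base. Compare on a path boundary instead: `return in_question == base_directory or in_question.startswith(base_directory + os.sep)` (or `os.path.commonpath([base_directory, in_question]) == base_directory` on Python 3.4+), which presumes `base_directory` is already absolute and has no trailing separator — worth checking where it is set, since that code is not in this hunk. `os.path.abspath` also resolves a relative `path` against the process CWD, not `base_directory`, and leaves symlinks unresolved; if a symlink under the base may point elsewhere, `os.path.realpath` on both sides closes that gap. A one-line docstring would make the contract explicit: `"""Return True if *path* (absolute, or relative to the CWD) is base_directory or a directory below it."""`.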