mirror of https://github.com/sc0tfree/updog.git
apply pr55
This commit is contained in:
parent
615d9d50d3
commit
2688904a15
|
@ -110,6 +110,8 @@ def main():
|
|||
except PermissionError:
|
||||
abort(403, 'Read Permission Denied: ' + requested_path)
|
||||
|
||||
# remove the base_directory
|
||||
requested_path = requested_path[len(base_directory):]
|
||||
return render_template('home.html', files=directory_files, back=back,
|
||||
directory=requested_path, is_subdirectory=is_subdirectory, version=VERSION)
|
||||
else:
|
||||
|
@ -121,22 +123,24 @@ def main():
|
|||
@app.route('/upload', methods=['POST'])
|
||||
@auth.login_required
|
||||
def upload():
|
||||
global base_directory
|
||||
|
||||
if request.method == 'POST':
|
||||
|
||||
# No file part - needs to check before accessing the files['file']
|
||||
if 'file' not in request.files:
|
||||
return redirect(request.referrer)
|
||||
return redirect(request.headers.get('Referer', '/'))
|
||||
|
||||
path = request.form['path']
|
||||
path = base_directory + request.form.get('path', '/')
|
||||
# Prevent file upload to paths outside of base directory
|
||||
if not is_valid_upload_path(path, base_directory):
|
||||
return redirect(request.referrer)
|
||||
return redirect(request.headers.get('Referer', '/'))
|
||||
|
||||
for file in request.files.getlist('file'):
|
||||
|
||||
# No filename attached
|
||||
if file.filename == '':
|
||||
return redirect(request.referrer)
|
||||
return redirect(request.headers.get('Referer', '/'))
|
||||
|
||||
# Assuming all is good, process and save out the file
|
||||
# TODO:
|
||||
|
@ -149,7 +153,7 @@ def main():
|
|||
except PermissionError:
|
||||
abort(403, 'Write Permission Denied: ' + full_path)
|
||||
|
||||
return redirect(request.referrer)
|
||||
return redirect(request.headers.get('Referer', '/'))
|
||||
|
||||
# Password functionality is without username
|
||||
users = {
|
||||
|
|
Loading…
Reference in New Issue