1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2024-12-24 23:25:24 +00:00

handle security concerns with file uploading

This commit is contained in:
catborise 2021-12-06 08:42:50 +03:00
parent c354393685
commit f690d1fa60

View file

@ -1,4 +1,5 @@
import json
import os
from django.contrib import messages
from django.http import HttpResponse, HttpResponseRedirect
@ -90,7 +91,10 @@ def storage(request, compute_id, pool):
"""
def handle_uploaded_file(path, f_name):
target = path + "/" + str(f_name)
target = os.path.normpath(os.path.join(path, f_name))
if not target.startswith(path):
raise Exception("Security Issues with file uploading")
destination = open(target, "wb+")
for chunk in f_name.chunks():
destination.write(chunk)