mirror of
https://github.com/retspen/webvirtcloud
synced 2024-12-24 23:25:24 +00:00
handle security concerns with file uploading
This commit is contained in:
parent
c354393685
commit
f690d1fa60
1 changed files with 5 additions and 1 deletions
|
@ -1,4 +1,5 @@
|
|||
import json
|
||||
import os
|
||||
|
||||
from django.contrib import messages
|
||||
from django.http import HttpResponse, HttpResponseRedirect
|
||||
|
@ -90,7 +91,10 @@ def storage(request, compute_id, pool):
|
|||
"""
|
||||
|
||||
def handle_uploaded_file(path, f_name):
|
||||
target = path + "/" + str(f_name)
|
||||
target = os.path.normpath(os.path.join(path, f_name))
|
||||
if not target.startswith(path):
|
||||
raise Exception("Security Issues with file uploading")
|
||||
|
||||
destination = open(target, "wb+")
|
||||
for chunk in f_name.chunks():
|
||||
destination.write(chunk)
|
||||
|
|
Loading…
Reference in a new issue