From f690d1fa60264b40519f94be5018fffd01bcb356 Mon Sep 17 00:00:00 2001
From: catborise
Date: Mon, 6 Dec 2021 08:42:50 +0300
Subject: [PATCH] handle security concerns with file uploading

---
 storages/views.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/storages/views.py b/storages/views.py
index 0c48ab6..18a3d02 100644
--- a/storages/views.py
+++ b/storages/views.py
@@ -1,4 +1,5 @@
 import json
+import os
 
 from django.contrib import messages
 from django.http import HttpResponse, HttpResponseRedirect
@@ -90,7 +91,10 @@ def storage(request, compute_id, pool):
     """
 
     def handle_uploaded_file(path, f_name):
-        target = path + "/" + str(f_name)
+        target = os.path.normpath(os.path.join(path, f_name))
+        if not target.startswith(path):
+            raise Exception("Security Issues with file uploading")
+
         destination = open(target, "wb+")
         for chunk in f_name.chunks():
             destination.write(chunk)
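Review bot: The `target.startswith(path)` guard in the second hunk is a string-prefix test, not a directory-containment test: a sibling directory whose name merely extends `path` (e.g. `path + "2"`) passes it, and `path` itself is never normalised, so a trailing slash or a `..` segment in `path` makes every legitimate upload fail the check. Compare canonical forms instead, `base = os.path.abspath(path)` and `os.path.commonpath([base, os.path.abspath(target)]) == base`, and join against `os.path.basename(...)` so a client-supplied name cannot carry directory components at all. `f_name` is used with `.chunks()` a few lines down, so it appears to be an upload object rather than a str; the removed line wrapped it in `str()`, and unless that object implements `__fspath__`, `os.path.join(path, f_name)` will raise `TypeError` before the check ever runs, so keep the `str()` (or use its `.name`). Raising bare `Exception` also hides the intent from callers; `django.core.exceptions.SuspiciousFileOperation` is the conventional type for a rejected path and would need an import in the first hunk. The body of `handle_uploaded_file` continues past the hunk, so the opened file's lifetime is not visible here.
```python
    def handle_uploaded_file(path, f_name):
        base = os.path.abspath(path)
        # basename() drops any directory part of a client-supplied name
        target = os.path.join(base, os.path.basename(str(f_name)))
        if os.path.commonpath([base, os.path.abspath(target)]) != base:
            raise SuspiciousFileOperation("Security Issues with file uploading")
        # … unchanged: open target and write the chunks …
```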