mirror of https://github.com/retspen/webvirtcloud synced 2024-12-25 23:55:24 +00:00

handle security concerns with file uploading

catborise 2021-12-06 08:42:50 +03:00
parent c354393685
commit f690d1fa60


@ -1,4 +1,5 @@
import json import json
import os
from django.contrib import messages from django.contrib import messages
from django.http import HttpResponse, HttpResponseRedirect from django.http import HttpResponse, HttpResponseRedirect
@ -90,7 +91,10 @@ def storage(request, compute_id, pool):
""" """
def handle_uploaded_file(path, f_name): def handle_uploaded_file(path, f_name):
target = path + "/" + str(f_name) target = os.path.normpath(os.path.join(path, f_name))
if not target.startswith(path):
raise Exception("Security Issues with file uploading")
destination = open(target, "wb+") destination = open(target, "wb+")
for chunk in f_name.chunks(): for chunk in f_name.chunks():
destination.write(chunk) destination.write(chunk)
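Review bot: The containment test `target.startswith(path)` in handle_uploaded_file is a plain string-prefix comparison, so a sibling directory whose name merely begins with the pool path (constructed example: pool `/pools/a`, target `/pools/a-other/x`) still passes, and a valid upload is rejected whenever `path` is not already in normalized form. Compare on a path boundary instead, e.g. `base = os.path.normpath(path)` followed by `if os.path.commonpath([base, target]) != base:`, or reduce the name to `os.path.basename(str(f_name))` before joining. Separately, `os.path.join(path, f_name)` now receives the upload object itself where the old line used `str(f_name)`; unless that object is path-like the join raises TypeError, so keeping `str(f_name)` looks necessary. The function body appears to continue past the end of the hunk, so whether `destination` is closed on every path cannot be checked from here.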