mirror of
https://github.com/retspen/webvirtcloud
synced 2024-12-25 15:45:23 +00:00
handle security concerns with file uploading
This commit is contained in:
parent
c354393685
commit
f690d1fa60
1 changed files with 5 additions and 1 deletions
|
@ -1,4 +1,5 @@
|
||||||
import json
|
import json
|
||||||
|
import os
|
||||||
|
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.http import HttpResponse, HttpResponseRedirect
|
from django.http import HttpResponse, HttpResponseRedirect
|
||||||
|
@ -90,7 +91,10 @@ def storage(request, compute_id, pool):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def handle_uploaded_file(path, f_name):
|
def handle_uploaded_file(path, f_name):
|
||||||
target = path + "/" + str(f_name)
|
target = os.path.normpath(os.path.join(path, f_name))
|
||||||
|
if not target.startswith(path):
|
||||||
|
raise Exception("Security Issues with file uploading")
|
||||||
|
|
||||||
destination = open(target, "wb+")
|
destination = open(target, "wb+")
|
||||||
for chunk in f_name.chunks():
|
for chunk in f_name.chunks():
|
||||||
destination.write(chunk)
|
destination.write(chunk)
|
||||||
|
|
Loading…
Reference in a new issue