From 6daf9bb22c6b4cc268bf818a11358ee6629098c6 Mon Sep 17 00:00:00 2001 From: m957ymj75urz Date: Tue, 14 Mar 2023 09:27:53 +0100 Subject: [PATCH] switch to realpath to check path traversal --- nodes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nodes.py b/nodes.py index dbbe9eba..e7c212c8 100644 --- a/nodes.py +++ b/nodes.py @@ -806,7 +806,7 @@ class SaveImage: comfy_output_folder = os.path.join(os.path.dirname(os.path.realpath(__file__)), "output") full_output_folder = os.path.join(comfy_output_folder, subfolder) - if os.path.commonpath((comfy_output_folder, os.path.abspath(full_output_folder))) != comfy_output_folder: + if os.path.commonpath((comfy_output_folder, os.path.realpath(full_output_folder))) != comfy_output_folder: print("Saving image outside the output folder is not allowed.") return