switch to realpath to check path traversal

2023-03-14 09:27:53 +01:00 · 2023-03-14 09:27:53 +01:00 · 6daf9bb22c
parent b1294fa49f
commit 6daf9bb22c
1 changed files with 1 additions and 1 deletions
--- a/nodes.py
+++ b/nodes.py
@ -806,7 +806,7 @@ class SaveImage:
        comfy_output_folder = os.path.join(os.path.dirname(os.path.realpath(__file__)), "output")
        full_output_folder = os.path.join(comfy_output_folder, subfolder) 
-        if os.path.commonpath((comfy_output_folder, os.path.abspath(full_output_folder))) != comfy_output_folder:
+        if os.path.commonpath((comfy_output_folder, os.path.realpath(full_output_folder))) != comfy_output_folder:
            print("Saving image outside the output folder is not allowed.")
            return