Properly check upload filename for directory transversal.

2023-09-07 18:06:22 -04:00 · 2023-09-07 18:06:22 -04:00 · d6d1a8998f
parent e464fa8f04
commit d6d1a8998f
1 changed files with 2 additions and 2 deletions
--- a/server.py
+++ b/server.py
@ -170,15 +170,15 @@ class PromptServer():

                subfolder = post.get("subfolder", "")
                full_output_folder = os.path.join(upload_dir, os.path.normpath(subfolder))
+                filepath = os.path.join(full_output_folder, filename)

-                if os.path.commonpath((upload_dir, os.path.abspath(full_output_folder))) != upload_dir:
+                if os.path.commonpath((upload_dir, os.path.abspath(filepath))) != upload_dir:
                    return web.Response(status=400)

                if not os.path.exists(full_output_folder):
                    os.makedirs(full_output_folder)

                split = os.path.splitext(filename)
-                filepath = os.path.join(full_output_folder, filename)

                if overwrite is not None and (overwrite == "true" or overwrite == "1"):
                    pass