298977887/ComfyUI
1
0
Fork 0
mirror of https://github.com/comfyanonymous/ComfyUI.git synced 2025-01-11 02:15:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Properly check upload filename for directory transversal.

Browse Source
This commit is contained in:
comfyanonymous 2023-09-07 18:06:22 -04:00
parent e464fa8f04
commit d6d1a8998f
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
server.py
View File

@ -170,15 +170,15 @@ class PromptServer():
subfolder = post.get("subfolder", "") subfolder = post.get("subfolder", "")
full_output_folder = os.path.join(upload_dir, os.path.normpath(subfolder)) full_output_folder = os.path.join(upload_dir, os.path.normpath(subfolder))
filepath = os.path.join(full_output_folder, filename)
if os.path.commonpath((upload_dir, os.path.abspath(full_output_folder))) != upload_dir: if os.path.commonpath((upload_dir, os.path.abspath(filepath))) != upload_dir:
return web.Response(status=400) return web.Response(status=400)
if not os.path.exists(full_output_folder): if not os.path.exists(full_output_folder):
os.makedirs(full_output_folder) os.makedirs(full_output_folder)
split = os.path.splitext(filename) split = os.path.splitext(filename)
filepath = os.path.join(full_output_folder, filename)
if overwrite is not None and (overwrite == "true" or overwrite == "1"): if overwrite is not None and (overwrite == "true" or overwrite == "1"):
pass pass