Skip to content
Snippets Groups Projects
Commit c4950861 authored by Nathaniel Kofalt's avatar Nathaniel Kofalt
Browse files

Fix arbitrary path access

parent c3b0b063
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 1 deletion
containers.py
+ 3
1
View file @ c4950861
......@@ -318,7 +318,7 @@ class Container(base.RequestHandler):
field = form[fieldname]
if fieldname == 'file':
filestream = field.file
filename = field.filename
_, filename = os.path.split(field.filename)
elif fieldname == 'tags':
try:
tags = json.loads(field.value)
......@@ -334,6 +334,8 @@ class Container(base.RequestHandler):
elif filename is None:
self.abort(400, 'Request must contain a filename parameter.')
else:
_, filename = os.path.split(filename)
if 'Content-MD5' not in self.request.headers:
self.abort(400, 'Request must contain a valid "Content-MD5" header.')
try:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment