add path check
Weiyu-Kong committed Dec 28, 2024
1 parent 583a8b0 commit 5da9748
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions WEBtool/phishpedia_web.py
Expand Up @@ -43,6 +43,9 @@ def upload_file():
return jsonify({'error': 'Invalid file name'}), 400
file_path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
file_path = os.path.normpath(file_path)
if not file_path.startswith(app.config['UPLOAD_FOLDER']):
return jsonify({'error': 'Invalid file path'}), 400

file.save(file_path)
return jsonify({'success': True, 'imageUrl': f'/uploads/{filename}'}), 200
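Review bot: The added guard `file_path.startswith(app.config['UPLOAD_FOLDER'])` is a plain string-prefix test, so it does not prove the normalized path lies inside the upload directory. A sibling directory whose name merely begins with the same characters passes the check, and if `UPLOAD_FOLDER` is configured in a non-normalized form (leading `./`, trailing separator) legitimate uploads would be rejected, because only `file_path` goes through `normpath`, which also does not resolve symlinks. Compare resolved paths on a component boundary instead: `base = os.path.realpath(app.config['UPLOAD_FOLDER'])`, `file_path = os.path.realpath(os.path.join(base, filename))`, then reject when `os.path.commonpath([base, file_path]) != base`. How `filename` is derived sits above the hunk, so whether it is already sanitized cannot be confirmed from here; `upload_file` begins and continues outside the hunk.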

