langfingaz/anki
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mediasrv symlink fix

Browse Source 
https://forums.ankiweb.net/t/anki-2-1-28-beta/629/39
This commit is contained in:
Damien Elmes 2020-07-11 10:53:41 +10:00
parent c34a99871b
commit bc5b6dfb63
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
qt/aqt/mediasrv.py
View File

@ -105,7 +105,7 @@ def allroutes(pathin):
directory = os.path.realpath(directory) directory = os.path.realpath(directory)
path = os.path.normpath(path) path = os.path.normpath(path)
fullpath = os.path.realpath(os.path.join(directory, path)) fullpath = os.path.abspath(os.path.join(directory, path))
# protect against directory transversal: https://security.openstack.org/guidelines/dg_using-file-paths.html # protect against directory transversal: https://security.openstack.org/guidelines/dg_using-file-paths.html
if not fullpath.startswith(directory): if not fullpath.startswith(directory):