Skip to content

Commit

Permalink
web: add uri_path_is_safe
Browse files Browse the repository at this point in the history
  • Loading branch information
@borisfaure
borisfaure committed Jun 21, 2010
1 parent 52bd12f commit 0a73baa
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions amsn2/ui/front_ends/web/bend.py
View file
Expand Up @@ -8,6 +8,21 @@
READ_CHUNK_SIZE = 4096
BASEPATH="amsn2/ui/front_ends/web/static"

def uri_path_is_safe(path):
if not BASEPATH and path[0] == '/':
return false
elif path[0:1] == '..':
return false

l = path.split('/')
b = [d for d in l if d == '..']

if len(b) >= len(l):
return false

return true


class TinyHTTPServer(object):
def __init__(self, backend, socket, peer):
self._backend = backend
Expand Down

0 comments on commit 0a73baa

Please sign in to comment.