Merge branch 'bug/gcode_script_vuln' into staging/bugfix
foosel committed Oct 9, 2023
2 parents 2b7c015 + 3bde48a commit d0072cf
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions src/octoprint/settings/__init__.py
@@ -593,9 +593,10 @@ def _get_default_folder(self, type):
return folder

def _init_script_templating(self):
from jinja2 import BaseLoader, ChoiceLoader, Environment, TemplateNotFound
from jinja2 import BaseLoader, ChoiceLoader, TemplateNotFound
from jinja2.ext import Extension
from jinja2.nodes import Include
from jinja2.sandbox import SandboxedEnvironment

from octoprint.util.jinja import FilteredFileSystemLoader

@@ -664,9 +665,9 @@ def get_source(self, environment, template):
def list_templates(self):
return self._default.list_templates()

class RelEnvironment(Environment):
class RelEnvironment(SandboxedEnvironment):
def __init__(self, prefix_sep=":", *args, **kwargs):
Environment.__init__(self, *args, **kwargs)
super().__init__(*args, **kwargs)
self._prefix_sep = prefix_sep

def join_path(self, template, parent):
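Review bot: The switch of `RelEnvironment` to `SandboxedEnvironment` carries no comment marking it as a security boundary, and the commit touches only this file, so no test pins it; a later refactor could put `Environment` back without anything failing. I would add above the class something like `# Must stay sandboxed: script templates are presumably not trusted input (see bug/gcode_script_vuln)`, plus a regression test asserting that rendering a script template which reaches for an internal (underscore-prefixed) attribute raises `jinja2.exceptions.SecurityError`. The sandbox only restricts unsafe attribute and callable access: it does not bound CPU or memory use, and templates can still call public methods on whatever objects the render context exposes, so the context built at render time (not visible here) deserves the same review, and `ImmutableSandboxedEnvironment` is worth considering if scripts never need to mutate those objects. `_init_script_templating` and `join_path` both continue outside the hunks shown.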
