update controller functions check path resolves in files folder p2

eNMS-automation · Mar 9, 2024 · 90a3973 · 90a3973
1 parent 07b5062
commit 90a3973
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/eNMS/controller.py b/eNMS/controller.py
@@ -317,16 +317,12 @@ def delete_builder_selection(self, type, id, **selection):
 
     def edit_file(self, filepath):
         scoped_path = filepath.replace(">", "/")
-        full_path = f"{vs.file_path}{scoped_path}"
-        if not str(Path(full_path).resolve()).startswith(f"{vs.file_path}/"):
-            return {"error": "The path resolves outside of the files folder."}
+        file = db.fetch("file", path=scoped_path)
         try:
-            with open(full_path) as file:
+            with open(f"{vs.file_path}{scoped_path}") as file:
                 return file.read()
         except FileNotFoundError:
-            file = db.fetch("file", path=scoped_path, allow_none=True)
-            if file:
-                file.status = "Not Found"
+            file.status = "Not Found"
             return {"error": "File not found on disk."}
         except UnicodeDecodeError:
             return {"error": "Cannot read file (unsupported type)."}