Enhanced

tests/pentests/test_sanitize/test.py

@@ -4,6 +4,8 @@
 import re
 import pytest
 def sanitize_path_from_endpoint(path: str, error_text="A suspected LFI attack detected. The path sent to the server has suspicious elements in it!", exception_text="Invalid path!"):
+    if path.strip().startswith("/"):
+        raise HTTPException(status_code=400, detail=exception_text)
     # Fix the case of "/" at the beginning on the path
     if path is None:
         return path
@@ -25,7 +27,9 @@ def test_sanitize_path_from_endpoint():
     assert sanitize_path_from_endpoint(valid_path) == "example/path"
 
     # Test a path with suspicious elements
-    suspicious_path = "/images//D:/POC/secret.txt"
+    suspicious_path = "/D:/POC/secret.txt"
+
+    #suspicious_path = "/images//D:/POC/secret.txt"
     with pytest.raises(HTTPException):
         sanitize_path_from_endpoint(suspicious_path)
 

web/dist/index.html

@@ -6,8 +6,8 @@
 
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>LoLLMS WebUI - Welcome</title>
-    <script type="module" crossorigin src="/assets/index-98910268.js"></script>
-    <link rel="stylesheet" href="/assets/index-dbb96f42.css">
+    <script type="module" crossorigin src="/assets/index-91ab3091.js"></script>
+    <link rel="stylesheet" href="/assets/index-d4c7f2b1.css">
   </head>
   <body>
     <div id="app"></div>

web/src/views/DiscussionsView.vue

@@ -1342,6 +1342,7 @@ export default {
                     messageItem && (msgObj.message_type==this.msgTypes.MSG_TYPE_FULL ||
                     msgObj.message_type==this.msgTypes.MSG_TYPE_FULL_INVISIBLE_TO_AI)
                 ) {
+                    this.isGenerating = true;
                     messageItem.content = msgObj.content
                     messageItem.finished_generating_at = msgObj.finished_generating_at
                 }