New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
path_traversal with venv #70
Comments
Hi, the path traversal check is indeed broken, for now you could just monkey patch that function to always return I think that doing |
@kucera-lukas thank u very much! I have already done it ;) |
Hi @netstuff, can you share your config file without creds. ?
or
or
|
Hi @Turall ! Here is my config (private settings is hidden by ConnectionConfig(
TEMPLATE_FOLDER=PosixPath('/Users/netstuff/project/api/src/templates/mail'),
SUPPRESS_SEND=1,
USE_CREDENTIALS=True,
VALIDATE_CERTS=True,
**MAIL_SETTINGS
) |
if your project root folder is |
@netstuff could you solve your problem? |
I'm facing the same issue than @netstuff , and |
Hello!
I'm using
poetry
and got an issue withTEMPLATE_FOLDER
option with exceptionTemplateFolderDoesNotExist
because it not pass path_traversal check.After debug I found out that:
base = Path(__file__).parent.parent
insidepath_traversal
equals toPosixPath('/Users/netstuff/Sites/mailout/api/.venv/lib/python3.9/site-packages')
TEMPLATE_FOLDER
path equals toPosixPath('/Users/netstuff/Sites/mailout/api/src/mailout/templates/mail')
What can I do with it?
Thank you.
The text was updated successfully, but these errors were encountered: