Skip to content

Commit

Permalink
Sanitize filepaths
Browse files Browse the repository at this point in the history
  • Loading branch information
@kofalt
kofalt committed Dec 7, 2015
1 parent 36b4861 commit 41f37d9
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions api/files.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,14 +80,14 @@ def __init__(self, request, dest_path, filename=None, hash_alg='sha384'):
def _save_multipart_file(self, dest_path, hash_alg):
form = getHashingFieldStorage(dest_path, hash_alg)(fp=self.body, environ=self.environ, keep_blank_values=True)
self.received_file = form['file'].file
self.filename = form['file'].filename
self.filename = os.path.basename(form['file'].filename)
self.tags = json.loads(form['tags'].file.getvalue()) if 'tags' in form else None
self.metadata = json.loads(form['metadata'].file.getvalue()) if 'metadata' in form else None

def _save_body_file(self, dest_path, filename, hash_alg):
if not filename:
raise FileStoreException('filename is required for body uploads')
self.filename = filename
self.filename = os.path.basename(filename)
self.received_file = HashingFile(os.path.join(dest_path, filename), hash_alg)
for chunk in iter(lambda: self.body.read(2**20), ''):
self.received_file.write(chunk)
Expand Down

0 comments on commit 41f37d9

Please sign in to comment.