Fixed the huntr reported vulenerability: c70c6732-23b3-4ef8-aec6-0a47467d1ed5

2024-12-18 20:17:50 +00:00 · 2024-10-13 16:38:13 +02:00 · 2024-10-13 16:38:13 +02:00 · f6e407a600
commit f6e407a600
parent d3af9090ea
3 changed files with 5 additions and 2 deletions
--- a/endpoints/lollms_advanced.py
+++ b/endpoints/lollms_advanced.py
@ -209,6 +209,7 @@ async def execute_code_in_new_tab(request: CodeRequest):
    

 class FilePath(BaseModel):
+    client_id: str
    path: Optional[str] = Field(None, max_length=500)

@router.post("/open_file")
@ -219,6 +220,8 @@ async def open_file(file_path: FilePath):
    :param file_path: The file path object.
    :return: A JSON response with the status of the operation.
    """
+    check_access(lollmsElfServer, client_id=file_path.client_id)
+    
    if lollmsElfServer.config.headless_server_mode:
        return {"status":False,"error":"Open file is blocked when in headless mode for obvious security reasons!"}

--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 08f2b466c91dc84cf56a4871e13e1cf42afc7ece
+Subproject commit 9fec7a86ec981112121fdcdce27f7bace6d08828
--- a/zoos/personalities_zoo
+++ b/zoos/personalities_zoo
@ -1 +1 @@
-Subproject commit 373837c263a1c619b085c602c68302aab2a96a32
+Subproject commit 00a08dcd830e501d0c2ce5b7c15ebe7996ecbac9