mirror of
https://github.com/ParisNeo/lollms-webui.git
synced 2024-12-18 20:17:50 +00:00
Fixed the huntr reported vulenerability: c70c6732-23b3-4ef8-aec6-0a47467d1ed5
This commit is contained in:
parent
d3af9090ea
commit
f6e407a600
@ -209,6 +209,7 @@ async def execute_code_in_new_tab(request: CodeRequest):
|
|||||||
|
|
||||||
|
|
||||||
class FilePath(BaseModel):
|
class FilePath(BaseModel):
|
||||||
|
client_id: str
|
||||||
path: Optional[str] = Field(None, max_length=500)
|
path: Optional[str] = Field(None, max_length=500)
|
||||||
|
|
||||||
@router.post("/open_file")
|
@router.post("/open_file")
|
||||||
@ -219,6 +220,8 @@ async def open_file(file_path: FilePath):
|
|||||||
:param file_path: The file path object.
|
:param file_path: The file path object.
|
||||||
:return: A JSON response with the status of the operation.
|
:return: A JSON response with the status of the operation.
|
||||||
"""
|
"""
|
||||||
|
check_access(lollmsElfServer, client_id=file_path.client_id)
|
||||||
|
|
||||||
if lollmsElfServer.config.headless_server_mode:
|
if lollmsElfServer.config.headless_server_mode:
|
||||||
return {"status":False,"error":"Open file is blocked when in headless mode for obvious security reasons!"}
|
return {"status":False,"error":"Open file is blocked when in headless mode for obvious security reasons!"}
|
||||||
|
|
||||||
|
@ -1 +1 @@
|
|||||||
Subproject commit 08f2b466c91dc84cf56a4871e13e1cf42afc7ece
|
Subproject commit 9fec7a86ec981112121fdcdce27f7bace6d08828
|
@ -1 +1 @@
|
|||||||
Subproject commit 373837c263a1c619b085c602c68302aab2a96a32
|
Subproject commit 00a08dcd830e501d0c2ce5b7c15ebe7996ecbac9
|
Loading…
Reference in New Issue
Block a user