mirror of
https://github.com/ParisNeo/lollms.git
synced 2024-12-24 06:46:40 +00:00
fixed vulenerability
This commit is contained in:
parent
85ed53a2b2
commit
1138a7a42b
@ -25,8 +25,7 @@ def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack det
|
||||
|
||||
def forbid_remote_access(lollmsElfServer):
|
||||
if lollmsElfServer.config.host!="localhost" and lollmsElfServer.config.host!="127.0.0.1":
|
||||
return {"status":False,"error":"Code execution is blocked when the server is exposed outside for very obvious reasons!"}
|
||||
|
||||
raise Exception("This functionality is forbidden if the server is exposed")
|
||||
|
||||
def validate_path(path, allowed_paths:List[str|Path]):
|
||||
# Convert the path to an absolute path
|
||||
|
@ -35,6 +35,9 @@ def add_events(sio:socketio):
|
||||
@sio.on('install_model')
|
||||
def install_model(sid, data):
|
||||
client_id = sid
|
||||
sanitize_path(data["type"])
|
||||
sanitize_path(data["path"])
|
||||
sanitize_path(data["variant_name"])
|
||||
tpe = threading.Thread(target=lollmsElfServer.binding.install_model, args=(data["type"], data["path"], data["variant_name"], client_id))
|
||||
tpe.start()
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user