ExternalVendorCode/lollms
1
0
Fork 0
mirror of https://github.com/ParisNeo/lollms.git synced 2025-02-21 01:42:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Saifeddine ALOUI 2024-03-04 22:42:04 +01:00
parent 36154a7ec4
commit 84946d28ff
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lollms/security.py
View File

@ -11,11 +11,13 @@ def sanitize_path(path:str, allow_absolute_path:bool=False, error_text="Absolute
if (not allow_absolute_path) and Path(path).is_absolute():
ASCIIColors.warning(error_text)
raise exception_text
return path
def sanitize_path_from_endpoint(path:str, error_text="A suspected LFI attack detected. The path sent to the server has .. in it!", exception_text="Invalid path!"):
if (".." in path or Path(path).is_absolute()):
ASCIIColors.error(error_text)
raise HTTPException(status_code=400, detail=exception_text)
return path
def forbid_remote_access(lollmsElfServer):
if lollmsElfServer.config.host!="localhost" and lollmsElfServer.config.host!="127.0.0.1":