fixing 1d218c74-3f80-476d-bdbe-8ccb65374405

2025-04-13 22:02:56 +00:00 · 2024-05-01 22:17:03 +02:00 · 2024-05-01 22:17:03 +02:00 · bbabf14fd9
commit bbabf14fd9
parent a668646ba9
1 changed files with 2 additions and 3 deletions
--- a/lollms/security.py
+++ b/lollms/security.py
@ -125,13 +125,12 @@ def sanitize_path(path: str, allow_absolute_path: bool = False, error_text="Abso
    """    
    if path is None:
        return path
-    
-    if not allow_absolute_path and path.strip().startswith("/"):
-        raise HTTPException(status_code=400, detail=exception_text)

    # Normalize path to use forward slashes
    path = path.replace('\\', '/')

+    if not allow_absolute_path and path.strip().startswith("/"):
+        raise HTTPException(status_code=400, detail=exception_text)

    # Regular expression to detect patterns like "....", multiple forward slashes, and command injection attempts like $(whoami)
    suspicious_patterns = re.compile(r'(\.\.+)|(/+/)|(\$\(.*\))')