Update security.py

Saifeddine ALOUI 2024-04-30 11:35:40 +02:00 committed by GitHub
parent d577405d6a
commit d84083118e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -141,7 +141,7 @@ def sanitize_path(path: str, allow_absolute_path: bool = False, error_text="Abso
raise HTTPException(status_code=400, detail=exception_text)
# Detect if any unauthorized characters, excluding the dot character, are present in the path
unauthorized_chars = set('!"#$%&\'()*+,:;<=>?@[]^`{|}~')
unauthorized_chars = set('!"#$%&\'()*+,;<=>?@[]^`{|}~')
if any(char in unauthorized_chars for char in path):
raise HTTPException(status_code=400, detail=exception_text)
@ -184,7 +184,7 @@ def sanitize_path_from_endpoint(path: str, error_text: str = "A suspected LFI at
suspicious_patterns = re.compile(r'(\.\.+)|(/+/)')
# Detect if any unauthorized characters, excluding the dot character, are present in the path
unauthorized_chars = set('!"#$%&\'()*+,:;<=>?@[]^`{|}~')
unauthorized_chars = set('!"#$%&\'()*+,;<=>?@[]^`{|}~')
if any(char in unauthorized_chars for char in path):
raise HTTPException(status_code=400, detail=exception_text)
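Review bot: With ':' dropped from `unauthorized_chars` in both `sanitize_path` and `sanitize_path_from_endpoint`, a colon is now accepted at any position in the path, not only as a drive-letter separator. If the intent is to admit Windows absolute paths (inferred; the commit message does not say), on Windows this also lets through drive-relative forms such as `C:name` and NTFS stream suffixes such as `name:stream`, which none of the checks visible in these hunks reject. I would keep ':' in the set for `sanitize_path_from_endpoint`, and in `sanitize_path` gate it explicitly: `if ':' in path and not (allow_absolute_path and re.fullmatch(r'[A-Za-z]:[\\/][^:]*', path)): raise HTTPException(status_code=400, detail=exception_text)`. The comment above the set should also say why the colon is exempt. Both function bodies extend beyond the hunks, so a check elsewhere may already cover this.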