QingdaoU/OnlineJudge
1
0
Fork 0
mirror of https://github.com/QingdaoU/OnlineJudge.git synced 2024-12-29 16:41:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix directory traversal

Browse Source
This commit is contained in:
virusdefender 2017-11-24 23:29:40 +08:00
parent 7cc33d0701
commit 9889ac5b4a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
account/views/admin.py
View File

@ -150,7 +150,7 @@ class GenerateUserAPI(APIView):
file_id = request.GET.get("file_id") file_id = request.GET.get("file_id")
if not file_id: if not file_id:
return self.error("Invalid Parameter, file_id is required") return self.error("Invalid Parameter, file_id is required")
if not re.match(r"[a-zA-Z0-9]+", file_id): if not re.match(r"^[a-zA-Z0-9]+$", file_id):
return self.error("Illegal file_id") return self.error("Illegal file_id")
file_path = f"/tmp/{file_id}.xlsx" file_path = f"/tmp/{file_id}.xlsx"
if not os.path.isfile(file_path): if not os.path.isfile(file_path):