Robert Brewer committed 29c0b4b

3.0.x fix for #744 (Malicious cookies may allow access to files outside the session directory).

Comments (0)

Files changed (1)


     def _get_file_path(self):
-        return os.path.join(self.storage_path, self.SESSION_PREFIX +
+        f = os.path.join(self.storage_path, self.SESSION_PREFIX +
+        if not os.path.normpath(f).startswith(self.storage_path):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
+        return f
     def _load(self, path=None):
         if path is None:
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.