Anonymous avatar Anonymous committed 5b3b038

thinking about security of static file handler

Comments (0)

Files changed (1)

django_wsgiserver/mediahandler.py

         path_info = environ['PATH_INFO']
         if path_info[0] == '/':
             path_info = path_info[1:]
-
+        # this is the thing I'm not sure is secure, can we prevent
+        # going up outof media root?
         file_path = os.path.join( self.media_root, path_info )
 
         if not os.path.exists( file_path ):
             output = BlockIterator(fp)
             
         return done( status, headers, output )
+
+
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.