Commits

Robert Brewer committed 6bd51d5

Trunk fix for #744 (Malicious cookies may allow access to files outside the session directory).

  • Parent commits 9442577


Files changed (1)

File cherrypy/lib/sessions.py

     setup = classmethod(setup)
     
     def _get_file_path(self):
-        return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
+        f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
+        if not os.path.normpath(f).startswith(self.storage_path):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
+        return f
     
     def _load(self, path=None):
         if path is None:
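Review bot: the `startswith(self.storage_path)` test in `_get_file_path` is a plain string-prefix check, so a normalized path that lands in a sibling directory whose name merely begins with `storage_path` (for example `/var/sessions-other/...` when `storage_path` is `/var/sessions`) still passes; compare against the directory boundary instead, e.g. `root = os.path.normpath(self.storage_path)` and then `if os.path.dirname(os.path.normpath(f)) != root:`, or at least `startswith(root + os.sep)`. Normalizing only `f` and not `self.storage_path` is the second gap: if `storage_path` carries a trailing separator or a `.`/`..` component, `os.path.normpath(f)` may legitimately not start with it and every request fails with the 400, or the comparison becomes inconsistent across platforms. A tighter fix would also reject session ids that contain any path separator or `..` before they reach `os.path.join` at all, rather than relying on the post-join comparison alone.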