Commits

Robert Brewer committed 29c0b4b

3.0.x fix for #744 (Malicious cookies may allow access to files outside the session directory).

  • Parent commits 5960520
  • Branches cherrypy-3.0.x


Files changed (1)

File cherrypy/lib/sessions.py

                     os.path.abspath(self.storage_path)))
     
     def _get_file_path(self):
-        return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
+        f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id)
+        if not os.path.normpath(f).startswith(self.storage_path):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
+        return f
     
     def _load(self, path=None):
         if path is None:
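Review bot: the new `if not os.path.normpath(f).startswith(self.storage_path):` check is only a string-prefix test, so a crafted id can still escape into a sibling directory whose name begins with `storage_path`. With `storage_path` set to `/var/sessions`, an id of `/../../sessions2/x` joins to `.../session-<prefix>/../../sessions2/x`, the two `..` components pop the prefixed name and the `sessions` directory, and the normalized result `/var/sessions2/x` passes `startswith`. Compare against the directory boundary instead, e.g. `os.path.dirname(os.path.normpath(f)) == os.path.normpath(self.storage_path)` (a session file should sit directly in the storage directory), or at minimum `startswith(self.storage_path + os.sep)`. The two sides are also normalized differently: `f` goes through `normpath` while `self.storage_path` is compared raw, even though the context line at the top of this hunk applies `os.path.abspath(self.storage_path)` elsewhere; if the stored value is relative or carries redundant separators, every lookup will fail the check and return the 400. A one-line comment noting that `self.id` is taken from the client cookie and is untrusted would make the purpose of the check obvious to the next reader.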