Commits

Robert Brewer  committed 0d4d615

2.x fix for #744 (Malicious cookies may allow access to files outside the session directory).

  • Participants
  • Parent commits c025fc4
  • Branches cherrypy-2.x

Comments (0)

Files changed (1)

File cherrypy/filters/sessionfilter.py

             raise SessionStoragePathNotConfiguredError()
         fileName = self.SESSION_PREFIX + id
         file_path = os.path.join(storage_path, fileName)
+        if not os.path.normpath(file_path).startswith(storage_path):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
         return file_path
     
     def _lock_file(self, path):