mirror of
https://github.com/Mintplex-Labs/anything-llm.git
synced 2024-10-05 18:30:09 +02:00
prevent deletion of documents not in hotdir via director traversal (#258)
resolves #257
parent
d5b1f84a4c
commit
18798c5b64
@ -1,3 +1,4 @@
|
|||||||
|
import os
|
||||||
from flask import Flask, json, request
|
from flask import Flask, json, request
|
||||||
from scripts.watch.process_single import process_single
|
from scripts.watch.process_single import process_single
|
||||||
from scripts.watch.filetypes import ACCEPTED_MIMES
|
from scripts.watch.filetypes import ACCEPTED_MIMES
|
||||||
@ -7,7 +8,7 @@ WATCH_DIRECTORY = "hotdir"
|
|||||||
@api.route('/process', methods=['POST'])
|
@api.route('/process', methods=['POST'])
|
||||||
def process_file():
|
def process_file():
|
||||||
content = request.json
|
content = request.json
|
||||||
target_filename = content.get('filename')
|
target_filename = os.path.normpath(content.get('filename')).lstrip(os.pardir + os.sep)
|
||||||
print(f"Processing {target_filename}")
|
print(f"Processing {target_filename}")
|
||||||
success, reason = process_single(WATCH_DIRECTORY, target_filename)
|
success, reason = process_single(WATCH_DIRECTORY, target_filename)
|
||||||
return json.dumps({'filename': target_filename, 'success': success, 'reason': reason})
|
return json.dumps({'filename': target_filename, 'success': success, 'reason': reason})
|
||||||
|
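Review bot: The new `target_filename` line in `process_file` relies on `lstrip(os.pardir + os.sep)`, which strips a set of characters (`.` and the path separator) rather than a leading `../` prefix. It therefore also rewrites legitimate names that begin with a dot, and it can reduce a value such as `..` to an empty string, which leaves `process_single` pointed at the watch directory itself. Windows drive-qualified names are not covered either, and a request without `filename` now raises `TypeError` inside `os.path.normpath`. How `process_single` combines the name with `WATCH_DIRECTORY` is not visible here, so the more robust pattern is to resolve the joined path and reject anything that is not strictly inside the watch directory, as sketched below.

```python
def process_file():
    content = request.json or {}
    raw_name = content.get('filename')
    if not isinstance(raw_name, str) or not raw_name:
        return json.dumps({'filename': raw_name, 'success': False, 'reason': 'filename is required'})
    base = os.path.realpath(WATCH_DIRECTORY)
    candidate = os.path.realpath(os.path.join(base, raw_name))
    # Containment check on the resolved path: covers "..", absolute paths and symlinks.
    if not candidate.startswith(base + os.sep):
        return json.dumps({'filename': raw_name, 'success': False, 'reason': 'filename must be inside the watch directory'})
    target_filename = os.path.relpath(candidate, base)
    # … unchanged: print, process_single call and JSON response …
```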