IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2025-02-25 18:55:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that the load file paths are children of the storage directory. #5522

Browse Source
This commit is contained in:
Akshay Joshi
2022-11-14 19:28:48 +05:30
parent 998c0cb7b3
commit c5e9aa6357
3 changed files with 27 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web/pgadmin/tools/sqleditor/__init__.py
View File

@@ -1792,7 +1792,7 @@ def script():
def load_file():
"""
This function gets name of file from request data
reads the data and sends back in reponse
reads the data and sends back in response
"""
if request.data:
file_data = json.loads(request.data, encoding='utf-8')
@@ -1801,6 +1801,11 @@ def load_file():
# retrieve storage directory path
storage_manager_path = get_storage_directory()
try:
Filemanager.check_access_permission(storage_manager_path, file_path)
except Exception as e:
return internal_server_error(errormsg=str(e))
if storage_manager_path:
# generate full path of file
file_path = os.path.join(