Skip to content

Commit

Permalink
Merge pull request #935 from ethansilvas/master
Browse files Browse the repository at this point in the history
Sanitize filenames file upload/delete
  • Loading branch information
assafelovic authored Oct 21, 2024
2 parents 27976a6 + 4cda3bf commit 98ca10b
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions backend/server/server_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ def update_environment_variables(config: Dict[str, str]):


async def handle_file_upload(file, DOC_PATH: str) -> Dict[str, str]:
file_path = os.path.join(DOC_PATH, file.filename)
file_path = os.path.join(DOC_PATH, os.path.basename(file.filename))
with open(file_path, "wb") as buffer:
shutil.copyfileobj(file.file, buffer)
print(f"File uploaded to {file_path}")
Expand All @@ -91,7 +91,7 @@ async def handle_file_upload(file, DOC_PATH: str) -> Dict[str, str]:


async def handle_file_deletion(filename: str, DOC_PATH: str) -> JSONResponse:
file_path = os.path.join(DOC_PATH, filename)
file_path = os.path.join(DOC_PATH, os.path.basename(filename))
if os.path.exists(file_path):
os.remove(file_path)
print(f"File deleted: {file_path}")
Expand Down

0 comments on commit 98ca10b

Please sign in to comment.