@stevage stevage/gist:2210943
Created Mar 27, 2012

Checking for unsafe filename paths
Version 1:
import re
from os import path

# dataset_path and filename are set earlier in the script (not part of the gist)
def is_evil(filename):
    # flags a leading "/", a "../" segment, a ":" (drive letter or URL scheme) or "//";
    # a bare trailing ".." or a backslash-separated "..\" is not matched
    return re.search(r"^/|\.\./|:|//", filename)

if is_evil(filename):
    filename = path.basename(filename)
copyto = path.join(dataset_path, filename)
Version 2:
from os import path

copyto = path.join(dataset_path, filename)
# caveat: "../x" joins to dataset_path/../x, which still passes this prefix check
if not copyto.startswith(dataset_path):
    copyto = path.join(dataset_path, path.basename(filename))
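Both versions compare the string before the operating system normalises it, so a name such as "../etc/passwd" still joins to dataset_path/../etc/passwd and passes the prefix check. The following is an added example, not the gist author's code: it normalises the joined path and compares whole directory components with os.path.commonpath, keeps the gist's basename fallback but refuses to fall back to dataset_path itself, and reproduces Version 2 as naive_join for comparison. The directory /data and the filenames are constructed inputs.

```python
from os import path


def safe_join(base_dir, filename):
    """Return base_dir/filename if the result is a path strictly inside base_dir.

    Returns None otherwise. Unlike a plain startswith() prefix check, the
    joined path is normalised first, so "../" segments are collapsed before
    the comparison, and commonpath() compares whole directory components, so
    a sibling directory that merely shares a string prefix (/data vs /data2)
    is rejected too. An absolute filename makes path.join discard base_dir
    entirely; that case also ends up outside base_dir and is rejected.
    """
    base = path.abspath(base_dir)
    candidate = path.normpath(path.join(base, filename))
    try:
        inside = path.commonpath([base, candidate]) == base
    except ValueError:  # mixed drives on Windows; treat as outside
        inside = False
    if not inside or candidate == base:
        return None
    return candidate


def safe_join_or_basename(base_dir, filename):
    """The gist's fallback policy (drop to the basename) applied safely.

    If the full path escapes base_dir, keep only the last component; if even
    that is empty or still escapes (e.g. filename was "../" or "sub/.."),
    give up and return None rather than silently pointing at base_dir itself.
    """
    target = safe_join(base_dir, filename)
    if target is not None:
        return target
    name = path.basename(filename)
    if not name:
        return None
    return safe_join(base_dir, name)


def naive_join(base_dir, filename):
    """Version 2 from the gist, kept as-is for comparison (prefix check only)."""
    copyto = path.join(base_dir, filename)
    if not copyto.startswith(base_dir):
        copyto = path.join(base_dir, path.basename(filename))
    return copyto


if __name__ == "__main__":
    # Constructed sample inputs; /data is a hypothetical dataset directory.
    for name in ["report.csv", "sub/../report.csv", "../etc/passwd",
                 "/etc/passwd", "sub/../../x", "../", "."]:
        print(f"{name!r:22} naive={naive_join('/data', name)!r:28} "
              f"safe={safe_join_or_basename('/data', name)!r}")
```

The check is lexical: if base_dir or one of its subdirectories can contain symlinks created by someone else, resolve both sides with os.path.realpath before comparing, and note that on Windows a backslash is also a separator, so the same normalisation applies there through os.path.
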