
Changeset 1773

Timestamp:
10/27/07 12:15:58
Author:
fumanchu
Message:

Trunk fix for #744 (Malicious cookies may allow access to files outside the session directory).

Files:

  • trunk/cherrypy/lib/sessions.py

    r1770 r1773  
    283283     
    284284    def _get_file_path(self): 
    285         return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id) 
     285        f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id) 
     286        if not os.path.normpath(f).startswith(self.storage_path): 
     287            raise cherrypy.HTTPError(400, "Invalid session id in cookie.") 
     288        return f 
    286289     
    287290    def _load(self, path=None): 
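Review bot: the containment check in `_get_file_path` compares the normalised candidate path against the raw, un-normalised `self.storage_path` with a bare prefix test, so its strength depends on how `storage_path` was configured. If `storage_path` itself contains `..`, a trailing separator, or is relative, `os.path.normpath(f).startswith(self.storage_path)` can reject every legitimate session file, and because a prefix test has no directory-boundary awareness, a sibling directory whose name merely begins with the same characters as `storage_path` would also pass. Suggest normalising both sides and comparing on a directory boundary, e.g. `base = os.path.normpath(self.storage_path)` and `if os.path.dirname(os.path.normpath(f)) != base:`, or at least appending `os.sep` to the prefix being tested. The 400 response with "Invalid session id in cookie." is a reasonable outcome for a rejected id; consider also logging the rejection so operators can see tampered cookies in the access log.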
