
Changeset 1774

Timestamp:
10/27/07 12:20:13
Author:
fumanchu
Message:

3.0.x fix for #744 (Malicious cookies may allow access to files outside the session directory).

Files:

  • branches/cherrypy-3.0.x/cherrypy/lib/sessions.py

    r1715 r1774  
    261261     
    262262    def _get_file_path(self): 
    263         return os.path.join(self.storage_path, self.SESSION_PREFIX + self.id) 
     263        f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id) 
     264        if not os.path.normpath(f).startswith(self.storage_path): 
     265            raise cherrypy.HTTPError(400, "Invalid session id in cookie.") 
     266        return f 
    264267     
    265268    def _load(self, path=None): 
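Review bot: the guard added at new line 264 is a plain string-prefix test, so it accepts any normalized path that merely begins with self.storage_path, including a sibling directory whose name extends it (with a storage_path of /srv/sessions, a normalized path of /srv/sessions-backup/x passes), and it assumes self.storage_path is already in the exact form normpath() produces (a trailing separator or a relative storage_path makes the comparison fail or pass spuriously). Suggest comparing against os.path.join(self.storage_path, '') or checking os.path.dirname(os.path.normpath(f)) == os.path.normpath(self.storage_path), and rejecting any id containing a path separator outright, since a legitimate session id never needs one. normpath() also works on the string alone, so a symlink inside the session directory is not covered; os.path.realpath() would be, at the cost of a filesystem lookup.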
