Changeset 1776

Timestamp:

10/27/07 12:30:54

Author:

fumanchu

Message:

2.1 fix for #744 (Malicious cookies may allow access to files outside the session directory).

Files:

• branches/cherrypy-2.1/cherrypy/lib/filter/sessionfilter.py (modified) (1 diff)

branches/cherrypy-2.1/cherrypy/lib/filter/sessionfilter.py

@@ -333 +333 @@
-        fileName = self.SESSION_PREFIX + id
-        filePath = os.path.join(storagePath, fileName)
+        if not os.path.normpath(filePath).startswith(storagePath):
+            raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
-        return filePath
-