Changeset 1932
- Timestamp:
- 03/18/08 13:28:46
- Files:
-
- trunk/cherrypy/lib/sessions.py (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/cherrypy/lib/sessions.py
r1926 r1932 309 309 def _get_file_path(self): 310 310 f = os.path.join(self.storage_path, self.SESSION_PREFIX + self.id) 311 if not os.path. normpath(f).startswith(self.storage_path):311 if not os.path.abspath(f).startswith(self.storage_path): 312 312 raise cherrypy.HTTPError(400, "Invalid session id in cookie.") 313 313 return f
