diff options
| author | Robert Brewer <fumanchu@aminus.org> | 2007-10-27 17:23:47 +0000 |
|---|---|---|
| committer | Robert Brewer <fumanchu@aminus.org> | 2007-10-27 17:23:47 +0000 |
| commit | d5941984d1454e9d128b5fcb9726c06cbcc605de (patch) | |
| tree | f45e250f19b9b6188b1aa86e08024b596c037fe0 | |
| parent | 8f88043e2e5643f43f16a345430b372f340632c6 (diff) | |
| download | cherrypy-d5941984d1454e9d128b5fcb9726c06cbcc605de.tar.gz | |
2.x fix for #744 (Malicious cookies may allow access to files outside the session directory).
| -rw-r--r-- | cherrypy/filters/sessionfilter.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/cherrypy/filters/sessionfilter.py b/cherrypy/filters/sessionfilter.py index 2391c321..b8812ecf 100644 --- a/cherrypy/filters/sessionfilter.py +++ b/cherrypy/filters/sessionfilter.py @@ -347,6 +347,8 @@ class FileStorage: raise SessionStoragePathNotConfiguredError() fileName = self.SESSION_PREFIX + id file_path = os.path.join(storage_path, fileName) + if not os.path.normpath(file_path).startswith(storage_path): + raise cherrypy.HTTPError(400, "Invalid session id in cookie.") return file_path def _lock_file(self, path): |