querfunk/prolefeeder
2
0
Fork 0
Code Issues 4 Pull requests Releases Wiki Activity

make checking for illegal filenames explicit

Browse source
This commit is contained in:
neingeist 2018-11-12 19:42:01 +01:00
parent c63d66a877
commit f7aaeaa1cf
1 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
prolefeeder.py
View file

@ -55,12 +55,9 @@ def download():
def download_file(filename): def download_file(filename):
"""Download an output file""" """Download an output file"""
# Get attachment filename. This also makes sure that the user only downloads if filename not in attachment_filenames:
# (and removes) a file generated by us.
try:
attachment_filename = attachment_filenames.pop(filename)
except KeyError:
abort(404) abort(404)
attachment_filename = attachment_filenames.pop(filename)
fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb') fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb')
os.remove(os.path.join(app.config['TMP_DIR'], filename)) os.remove(os.path.join(app.config['TMP_DIR'], filename))