make checking for illegal filenames explicit
This commit is contained in:
parent
c63d66a877
commit
f7aaeaa1cf
1 changed files with 2 additions and 5 deletions
|
@ -55,12 +55,9 @@ def download():
|
||||||
def download_file(filename):
|
def download_file(filename):
|
||||||
"""Download an output file"""
|
"""Download an output file"""
|
||||||
|
|
||||||
# Get attachment filename. This also makes sure that the user only downloads
|
if filename not in attachment_filenames:
|
||||||
# (and removes) a file generated by us.
|
|
||||||
try:
|
|
||||||
attachment_filename = attachment_filenames.pop(filename)
|
|
||||||
except KeyError:
|
|
||||||
abort(404)
|
abort(404)
|
||||||
|
attachment_filename = attachment_filenames.pop(filename)
|
||||||
|
|
||||||
fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb')
|
fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb')
|
||||||
os.remove(os.path.join(app.config['TMP_DIR'], filename))
|
os.remove(os.path.join(app.config['TMP_DIR'], filename))
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue