make checking for illegal filenames explicit

stable
neingeist 6 years ago
parent c63d66a877
commit f7aaeaa1cf

@ -55,12 +55,9 @@ def download():
def download_file(filename): def download_file(filename):
"""Download an output file""" """Download an output file"""
# Get attachment filename. This also makes sure that the user only downloads if filename not in attachment_filenames:
# (and removes) a file generated by us.
try:
attachment_filename = attachment_filenames.pop(filename)
except KeyError:
abort(404) abort(404)
attachment_filename = attachment_filenames.pop(filename)
fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb') fh = open(os.path.join(app.config['TMP_DIR'], filename), 'rb')
os.remove(os.path.join(app.config['TMP_DIR'], filename)) os.remove(os.path.join(app.config['TMP_DIR'], filename))

Loading…
Cancel
Save