misc: let django.views.static.serve do its job (#75700)
It already checks the security of the given path through django.utils._os.safe_join() and checks if the file exists.
parent
2fbfeedb14
commit
9c85b556f2
|
@ -19,7 +19,6 @@ import hashlib
|
|||
import inspect
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import uuid
|
||||
from urllib.parse import quote
|
||||
|
||||
|
@ -637,13 +636,4 @@ class GenericExportConnectorView(GenericConnectorMixin, DetailView):
|
|||
class MediaView(View):
|
||||
def get(self, request, path, *args, **kwargs):
|
||||
document_root = DefaultStorage().location
|
||||
filename = DefaultStorage().path(path)
|
||||
filename = os.path.realpath(filename)
|
||||
if (
|
||||
not os.path.isabs(filename)
|
||||
or not filename.startswith(document_root)
|
||||
or not os.path.exists(filename)
|
||||
or not os.path.isfile(filename)
|
||||
):
|
||||
raise Http404()
|
||||
return serve(request, path, document_root=document_root, show_indexes=False)
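Review bot: Symlink containment is lost in `MediaView.get`: the removed `os.path.realpath()` plus `startswith(document_root)` test rejected a link under the storage location whose target lies outside it, whereas `django.utils._os.safe_join()`, which `serve()` relies on, normalises with `abspath` and does not resolve symlinks. Such a link would now be followed and its target served. If that guarantee is still wanted, keep one check before the return, e.g. `if not os.path.realpath(DefaultStorage().path(path)).startswith(os.path.realpath(document_root) + os.sep): raise Http404()`; this would presumably mean keeping the `import os` that the first hunk appears to drop. Otherwise add a comment on `get` such as `# path validation is delegated to serve(); symlinks under the storage location are trusted` so the decision is recorded. Whether symlinks can actually appear under the storage location is not visible from this page.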
|
||||
|
|