Ensure deleted export file name is safe

Nicolas Mowen 2023-10-07 08:01:49 -06:00 committed by GitHub
parent 14d2b79c72
commit 8f86198cbc


@ -11,6 +11,7 @@ from datetime import datetime, timedelta, timezone
from functools import reduce
from pathlib import Path
from urllib.parse import unquote
from werkzeug.utils import secure_filename
import cv2
import numpy as np
@ -1820,7 +1821,8 @@ def export_recording(camera_name: str, start_time, end_time):
@bp.route("/export/<file_name>", methods=["DELETE"])
def export_delete(file_name: str):
file = os.path.join(EXPORT_DIR, file_name)
safe_file_name = secure_filename(file_name)
file = os.path.join(EXPORT_DIR, safe_file_name)
if not os.path.exists(file):
return make_response(
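Review bot: `secure_filename` may return an empty string when nothing safe is left after sanitizing, and the new `os.path.join(EXPORT_DIR, safe_file_name)` in `export_delete` then resolves to `EXPORT_DIR` itself, so the `os.path.exists` check passes on the directory instead of rejecting the request. Add a guard right after the sanitizing line, `if not safe_file_name:`, that returns the same not-found response used just below. Since `secure_filename` also rewrites characters such as spaces and non-ASCII letters, an export whose on-disk name contains them would presumably no longer be found; rejecting when `safe_file_name != file_name` would make that behaviour explicit. A short comment such as `# sanitize: file_name comes from the URL and must stay inside EXPORT_DIR` would record why the call is there. The rest of the function body, including the actual delete, lies outside this hunk.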