administrator/frigate
1
0
Fork 0
mirror of https://github.com/blakeblackshear/frigate.git synced 2026-02-06 19:25:22 +03:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Ensure deleted export file name is safe

Browse Source
This commit is contained in:
Nicolas Mowen 2023-10-07 08:01:49 -06:00 committed by GitHub
parent 14d2b79c72
commit 8f86198cbc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
frigate/http.py
View File

@ -11,6 +11,7 @@ from datetime import datetime, timedelta, timezone
from functools import reduce from functools import reduce
from pathlib import Path from pathlib import Path
from urllib.parse import unquote from urllib.parse import unquote
from werkzeug.utils import secure_filename
import cv2 import cv2
import numpy as np import numpy as np
@ -1820,7 +1821,8 @@ def export_recording(camera_name: str, start_time, end_time):
@bp.route("/export/<file_name>", methods=["DELETE"]) @bp.route("/export/<file_name>", methods=["DELETE"])
def export_delete(file_name: str): def export_delete(file_name: str):
file = os.path.join(EXPORT_DIR, file_name) safe_file_name = secure_filename(file_name)
file = os.path.join(EXPORT_DIR, safe_file_name)
if not os.path.exists(file): if not os.path.exists(file):
return make_response( return make_response(