sabuhish / fastapi-mail

Fastapi mail system sending mails(individual, bulk) attachments(individual, bulk)
https://sabuhish.github.io/fastapi-mail/
MIT License

Why is the validate_path necessary? #166

Closed puehringer closed 1 year ago

puehringer commented 1 year ago

First of all, thanks for the great library!

In https://github.com/sabuhish/fastapi-mail/pull/17, the validate_path was introduced, basically ensuring that the attachment is a child of the path in which Python was executed. However, I don't see a good reason why that is important.

Now imagine I start Python in /home/user, but the attachment is placed in /tmp/attachment.png. This would now fail with:

  File "/opt/venv/lib/python3.10/site-packages/fastapi_mail/schemas.py", line 67, in validate_file
    raise WrongFile('incorrect file path for attachment or not readable')
fastapi_mail.errors.WrongFile: incorrect file path for attachment or not readable

sabuhish commented 1 year ago

Hi @puehringer, I agree with you, that change blocks accessing files outside of the app. It is a restriction done by us. I am down to remove this check.

sabuhish commented 1 year ago

This feature was removed in v1.2.3, please use that version. Thanks for raising this issue.
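
The kind of containment check discussed in this thread, as an added example that is not fastapi-mail's code and not part of either participant's comments: it tests an attachment path against an explicit list of allowed base directories instead of the directory Python was started in. The names `is_within` and `is_allowed` and the `app`, `app-data` and `tmp` layout are assumptions constructed for the demonstration, and a POSIX system is assumed for the symlink case.

```python
import os
import tempfile
from pathlib import Path
from typing import Iterable, Union

StrPath = Union[str, Path]


def is_within(base: StrPath, candidate: StrPath) -> bool:
    """True if candidate resolves to a path strictly inside base."""
    base_real = Path(base).resolve()
    # resolve() collapses ".." segments and follows symlinks before comparing
    cand_real = Path(candidate).resolve()
    # Compare whole path components: a string-prefix test would accept
    # ".../app-data/x" as being inside ".../app".
    return base_real in cand_real.parents


def is_allowed(candidate: StrPath, bases: Iterable[StrPath]) -> bool:
    """Accept an attachment only if it sits under one of the allowed bases."""
    return any(is_within(b, candidate) for b in bases)


def demo() -> dict:
    """Constructed layout: app/ stands in for the directory Python started in."""
    with tempfile.TemporaryDirectory() as root:
        app, data, tmp = (Path(root, n) for n in ("app", "app-data", "tmp"))
        for d in (app, data, tmp):
            d.mkdir()
        (tmp / "attachment.png").write_bytes(b"constructed sample")
        os.symlink(tmp / "attachment.png", app / "link.png")  # POSIX symlink
        outside = tmp / "attachment.png"
        return {
            "inside": is_within(app, app / "report.pdf"),
            "dotdot": is_within(app, app / ".." / "tmp" / "attachment.png"),
            "sibling_prefix": is_within(app, data / "x.png"),
            "symlink_out": is_within(app, app / "link.png"),
            "issue_case_start_dir_only": is_allowed(outside, [app]),
            "issue_case_allowlist": is_allowed(outside, [app, tmp]),
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26} {ok}")
```

With the check removed from the library as of the version named in the thread, an application that builds attachment paths from request data is the place where a check like this would live.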